Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'BrowserUpdateCheck' = '%LOCALAPPDATA%\<File name>.exe'
- <Drive name for removable media>:\delete.avi
- <Drive name for removable media>:\read me!.hta
- %LOCALAPPDATA%\<File name>.exe
- C:\users\public\d7d9d79ea53c863cab1662d18f47d10e230d5395c53647ac7a9c88544b115666
- D:\read me!.hta
- D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\read me!.hta
- C:\users\read me!.hta
- %HOMEPATH%\read me!.hta
- %HOMEPATH%\videos\read me!.hta