Technical Information
- %WINDIR%\tasks\phototracker.job
- <SYSTEM32>\tasks\phototracker
- [<HKLM>\System\CurrentControlSet\Services\Calculated Library] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Calculated Library] 'ImagePath' = '%APPDATA%\Calculated Library\Calculated Library.exe'
- 'Calculated Library' %APPDATA%\Calculated Library\Calculated Library.exe
- %ALLUSERSPROFILE%\{4ac00bf6-5baa-8a02-4ac0-00bf65ba2fd9}\<File name>.exe
- %ALLUSERSPROFILE%\{4ac00bf6-5baa-8a02-4ac0-00bf65ba2fd9}\<File name>.dat
- %APPDATA%\calculated library\calculated library.exe
- %APPDATA%\calculated library\fba00.dat
- 'fu###et.link':80
- 'ge####ltiple.link':80
- DNS ASK fu###et.link
- DNS ASK al####el-pro.com
- DNS ASK ge####ltiple.link
- '%APPDATA%\calculated library\calculated library.exe'