Technical Information
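Service registry values (autorun). 'Start' = '00000002' configures the service to start automatically at boot; the service name resembles a legitimate Adobe updater, while 'ImagePath' points to an executable located directly in <SYSTEM32>:
- [<HKLM>\System\CurrentControlSet\Services\Adobe Player Update Service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Adobe Player Update Service] 'ImagePath' = '<SYSTEM32>\AdobeUpdateSvc.exe'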
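File-system activity. Several paths below appear twice, which suggests that separate lists (for example, files created and files later deleted) were merged and their headings are not preserved on this page:
- %TEMP%\612503306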
- %TEMP%\84798291
- %TEMP%\cetrainers\cet6004.tmp\cet_archive.dat
- %TEMP%\cetrainers\cet6004.tmp\612503306
- %TEMP%\cetrainers\cet6004.tmp\extracted\cet_trainer.cetrainer
- %TEMP%\cetrainers\cet6004.tmp\extracted\defines.lua
- %TEMP%\cetrainers\cet6004.tmp\extracted\612503306
- %TEMP%\cetrainers\cet6004.tmp\extracted\lua53-64.dll
- <SYSTEM32>\adobeupdatesvc.exe
- %WINDIR%\temp\cab32b5.tmp
- %WINDIR%\temp\tar32b6.tmp
- <SYSTEM32>\adobeupdatesvc.exe
- %TEMP%\84798291
- %TEMP%\612503306
- %TEMP%\cetrainers\cet6004.tmp\extracted\cet_trainer.cetrainer
- %WINDIR%\temp\cab32b5.tmp
- %WINDIR%\temp\tar32b6.tmp
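Network activity, connection targets as host:port. Addresses and host names are partially masked with '#' as published; the Dropbox-hosted and 'gi##ub.com' entries appear to be widely used legitimate services, so they are weak indicators on their own:
- '84.##0.17.77':4443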
- 'localhost':4447
- 'th##kery.me':443
- 'pa###.dropbox.com':443
- 'gi##ub.com':443
- DNS ASK th##kery.me
- DNS ASK pa###.dropbox.com
- DNS ASK gi##ub.com
Executed programs, with command-line arguments where present:
- '%TEMP%\612503306'
- '%TEMP%\cetrainers\cet6004.tmp\612503306' -ORIGIN:"%TEMP%\"
- '%TEMP%\cetrainers\cet6004.tmp\extracted\612503306' "%TEMP%\cetrainers\CET6004.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:%TEMP%\"
- '%TEMP%\84798291'
- '<SYSTEM32>\adobeupdatesvc.exe'