Author: Artur Khanov (@awengar)
A client from the South Pole was infected with malware.
He shared his disk image with us at http://126.96.36.199/image.img, but of course his internet speed is awful. Find the malware on it; we need emergency incident response!
Let’s begin with common autorun locations...
Hint at 01:00 — autorun locations do not necessarily mean file system paths