Technical Information
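- %HOMEPATH%\Start Menu\Programs\Startup\startx.lnk (a shortcut in the user's Startup folder; items there are launched at logon, so this is the persistence artifact)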
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c944269fbe50bce9bb2d17b86228298a_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\451eca69911e0bb4176d9f4b85752f17_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\76709568d830dd340428e0e975135bed_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\CREDHIST (the per-user DPAPI credential history file)
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\4a99bf8fb887746d37bc1d66803be35f_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\startx.exe
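- File relocated from <Full path to file> to %APPDATA%\startx.exe (the section heading is missing from this extract, so whether this is a copy or a move is not stated)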
- Window reference: ClassName: '#32770' (the standard Windows dialog-box class), WindowName: '' (empty)
- '%APPDATA%\startx.exe'