Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xXx' = '<SYSTEM32>\xXXx.ex'
- hidden files
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000000'
- <SYSTEM32>\xXXx.exe
- <SYSTEM32>\xXx.exe
- %TEMP%\~DF6C14.tmp