Technical Information
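Registry values (key, value name = data):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '<SYSTEM32>\<File name>.exe'
  (Run key: the listed program is started at every logon.)
- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '<File name>.exe "%1" %*'
  (This default value is the handler for launching .exe files; the Windows default is '"%1" %*'. With the data shown here, starting any executable goes through <File name>.exe. During cleanup, restore the default value as well as removing the file, otherwise executables may fail to start.)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'User32' = '<File name>.exe'
  (A second Run entry, under the system-looking value name 'User32'.)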
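File system paths (the section labels that separated these entries are not preserved on this page; some paths repeat and the last entry is quoted, so they likely come from separate lists. Treat them as indicators without assuming which operation applied to each):
- %WINDIR%\win.ini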
- %WINDIR%\<File name>.exe
- %WINDIR%\login.scr
- C:\ErrorLog.LOG
- %ProgramFiles%\errorlog.dat
- <SYSTEM32>\<File name>.exe
- %TEMP%\~DF488E.tmp
- <SYSTEM32>\MSWin.dat
- %TEMP%\~DF5589.tmp
- %WINDIR%\login.scr
- %TEMP%\~DF488E.tmp
- '<SYSTEM32>\<File name>.exe'