Technical Information
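Registry autorun entries (values under the Run key are launched at user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\' (the value name and the file name are empty in this listing; the entry appears to be incomplete)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'logon' = '%WINDIR%\logon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmon' = '%WINDIR%\ctfmon32.exe'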
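File paths (the listing does not say whether these files were created, modified or executed):
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.exe
- %WINDIR%\logon.exe
- %WINDIR%\ctfmon32.exe
Note: files placed in the Startup folder also run at logon. The genuine svchost.exe resides in %WINDIR%\System32 and the genuine text-input loader is named ctfmon.exe, so the names svchost.exe and ctfmon32.exe at these locations resemble system files without matching them.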
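Network endpoint (host:port; the listing does not state the direction of the connection, and <LOCALNET> appears to be a placeholder for the local network prefix):
- '<LOCALNET>.0.2':6000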