Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\csrss.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'mswinlogon' = '%WINDIR%\mscsrss.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'systemupdate' = '%HOMEPATH%\Music\276688.exe'
- %HOMEPATH%\music\276688.exe
- '%HOMEPATH%\music\276688.exe'