Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogin.exe' = '<SYSTEM32>'
- %ALLUSERSPROFILE%\start menu\programs\startup\<File name>.exe
- hidden files
- <SYSTEM32>\<File name>.exe
- %ALLUSERSPROFILE%\start menu\programs\startup\<File name>.exe
- from <SYSTEM32>\<File name>.exe to <SYSTEM32>\winlogin.exe