Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Mozilla Firefox' = '%APPDATA%\<File name>.exe'
- <Drive name for removable media>:\<File name>.exe
- %TEMP%\invoice.docx
- %TEMP%\moftah
- %TEMP%\moftahto
- %TEMP%\kos
- %TEMP%\maimo
- %TEMP%\datos
- %TEMP%\bmaimo
- %TEMP%\katos
- %APPDATA%\<File name>.exe
- D:\<File name>.exe
- %TEMP%\kos
- %TEMP%\moftah
- %TEMP%\moftahto
- %TEMP%\datos
- %TEMP%\maimo
- %TEMP%\bmaimo
- %TEMP%\katos
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\INVOICE.docx"' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\INVOICE.docx"