Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'reruilahle' = 'regsvr32 /s "%APPDATA%\reruilahle.jpg"'
- iexplore.exe
- ClassName: '' WindowName: 'nidll'
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v reruilahle /d "regsvr32 /s """%APPDATA%\reruilahle.jpg"""" /f' (with hidden window)
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v reruilahle /d "regsvr32 /s """%APPDATA%\reruilahle.jpg"""" /f