Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aspnet_state' = '%LOCALAPPDATA%\aspnet_state.exe'
- %LOCALAPPDATA%\aspnet_state.exe
- %LOCALAPPDATA%\rcxa361.tmp
- %TEMP%\~dfds3.reg
- %LOCALAPPDATA%\rcxa361.tmp
- %TEMP%\~dfds3.reg
- %LOCALAPPDATA%\aspnet_state.exe
- from <Full path to file> to %LOCALAPPDATA%\aspnet_state.exe
- from %LOCALAPPDATA%\aspnet_state.exe to %TEMP%\~daa360.tmp
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\syswow64\regedit.exe' /s %TEMP%\~dfds3.reg