Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'DeleteFile' = 'cmd /C del "<Current directory>\rundll16.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'DeleteFile' = 'cmd /C del "<Full path to virus>"'
- <Current directory>\rundll16.exe "<Full path to virus>"
- <Current directory>\rundll16.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''