Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '%HOMEPATH%\Documents\<File name>.pif'
- %HOMEPATH%\documents\<File name>.pif
- '88.##9.206.142':80
- http://88.##9.206.142/974
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "<File name>" /t REG_SZ /F /D "%HOMEPATH%\Documents\<File name>.pif" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c Copy "<Full path to file>" "%HOMEPATH%\Documents\<File name>.pif" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "<File name>" /t REG_SZ /F /D "%HOMEPATH%\Documents\<File name>.pif"
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "<File name>" /t REG_SZ /F /D "%HOMEPATH%\Documents\<File name>.pif"
- '%WINDIR%\syswow64\cmd.exe' /c Copy "<Full path to file>" "%HOMEPATH%\Documents\<File name>.pif"