Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = 'C:\RECYCLE\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,C:\RECYCLE\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{54127469-EDAB-56ED-2D69-AC32169C5874}] 'StubPath' = 'rundll32.exe URL.DLL,FileProtocolHandler "C:\RECYCLE\services.exe'
- C:\RECYCLE\services.exe
- C:\RECYCLE\Desktop.ini
- C:\RECYCLE\services.exe