Technical Information
- [<HKLM>\SOFTWARE\Classes\VBEFile\Shell\Open\Command] '' = '<SYSTEM32>\WScript.exe "%1" %*'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>' = 'wscript.exe //B "%TEMP%\<File name>.vbe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = 'wscript.exe //B "%TEMP%\<File name>.vbe"'
- %TEMP%\aut1.tmp
- %TEMP%\~wdlxmsr.vbe
- <SYSTEM32>\<File name>.vbe
- <SYSTEM32>\<File name>.vbe
- %TEMP%\aut1.tmp
- <SYSTEM32>\<File name>.vbe
- %TEMP%\~wdlxmsr.vbe
- '%TEMP%\~wdlxmsr.vbe' "<SYSTEM32>\<File name>.vbe"
- '<SYSTEM32>\wscript.exe' //B "%TEMP%\<File name>.vbe"