Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%TEMP%\FolderN\name.exe.lnk'
- svhost.exe
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: 'PROCEXPL', WindowName: ''
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\file.exe.exe
- %HOMEPATH%\AppData\Local\Temp\FolderN\name.exe.lnk
- %TEMP%\svhost.exe
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- '18#.#09.20.221':223
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:1790722 "__IRAFN:<Full path to file>" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- '%TEMP%\_ir_sf_temp_0\file.exe.exe'
- '%TEMP%\svhost.exe'
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%TEMP%\FolderN\name.exe.lnk" /f