Technical Information
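- [<HKLM>\Software\Classes\.exe] '' = 'sysfile'
- [<HKLM>\Software\Classes\.com] '' = 'sysfile'
  (Registry changes: the default value of the .exe and .com file associations is set to 'sysfile'; the stock Windows values are 'exefile' and 'comfile', so any other value here is worth checking during triage.)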
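- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: 'RegmonClass', WindowName: ''
  (Window classes of the Sysinternals Filemon, Process Monitor and Regmon utilities; entries of this kind typically record window lookups used to detect running monitoring tools.)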
- %TEMP%\ff64.tmp\ff74.tmp\ff75.bat
  (Batch file under %TEMP%; the same path is passed to cmd.exe /c in the process list below.)
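- ClassName: 'File Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Process Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: '18467-41', WindowName: ''
  (The three Sysinternals strings are those tools' window title text, so the ClassName and WindowName fields may be transposed in this listing.)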
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\FF64.tmp\FF74.tmp\FF75.bat <Full path to file>"
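- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Mainerc /t REG_SZ /d
  (Adds a per-user Run autostart value named 'Mainerc'; the data that followed /d is cut off on this page, so the launched path has to be read from the affected host's registry.)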
- '<SYSTEM32>\cmd.exe'