diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md
index cd34cff..7fda733 100644
--- a/malware-tech_ref_and_memo.md
+++ b/malware-tech_ref_and_memo.md
@@ -415,6 +415,15 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
 - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
 - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
 ```
+## Starup Folder
+- 現在ログイン中のユーザのみ
+```
+C:\Users\<Username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
+```
+- 全ユーザ
+```
+C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
+```
 # Gathering Information
 ## Public IP address
   - HTTP経由