From 74acbaa1e7f59916bbbbd2c78e477173355ed897 Mon Sep 17 00:00:00 2001
From: mether049 <cstt17009@g.nihon-u.ac.jp>
Date: Sat, 18 Apr 2020 23:59:29 +0900
Subject: [PATCH] Update malware-tech_ref_and_memo.md

---
 malware-tech_ref_and_memo.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md
index cd34cff..7fda733 100644
--- a/malware-tech_ref_and_memo.md
+++ b/malware-tech_ref_and_memo.md
@@ -415,6 +415,15 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
 - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
 - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
 ```
+## Starup Folder
+- 現在ログイン中のユーザのみ
+```
+C:\Users\<Username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
+```
+- 全ユーザ
+```
+C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
+```
 # Gathering Information
 ## Public IP address
   - HTTP経由