Техническая информация
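- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\sys.dll' (механизм автозапуска: библиотеки, перечисленные в AppInit_DLLs, загружаются в каждый процесс, использующий user32.dll; в чистой системе этот параметр обычно пуст, поэтому любое непустое значение стоит проверять)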
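- %TEMP%\Temp.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /t REG_SZ /d "<SYSTEM32>\sys.dll" /f (команда, которой записывается указанное выше значение AppInit_DLLs; синтаксис аргументов совпадает с «reg.exe add» — вероятно, Temp.exe выполняет ту же функцию)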
- <SYSTEM32>\Mx.exe
- <SYSTEM32>\cmd.exe /c C:\delM.bat
- <SYSTEM32>\cmd.exe /c %TEMP%\ss.bat
- <SYSTEM32>\VMware.dll
- <SYSTEM32>\Mx.exe
- C:\delM.bat
- %TEMP%\Temp.exe
- %TEMP%\ss.bat
- <SYSTEM32>\sys.dll
- <SYSTEM32>\Mx.exe
- %TEMP%\Temp.exe
- %TEMP%\ss.bat