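Техническая информация
Ниже перечислены артефакты трёх типов: изменённое значение реестра, запускаемые командные строки и пути к файлам. Обозначения <HKCU>, <SYSTEM32>, %TEMP% и %HOMEPATH% — это подстановки для куста реестра и системных каталогов, а не буквальные пути; при поиске на конкретном узле их нужно раскрыть для проверяемой учётной записи.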
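- Изменение реестра (значение в ключе Winlogon, по-видимому, служит для автозапуска; оно задаёт ту же команду rundll32, что указана ниже): [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'AppSetup' = '<SYSTEM32>\rundll32.exe %HOMEPATH%\Templates\TempFiles\rundll.dll #2'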
- <SYSTEM32>\cmd.exe /c "%TEMP%\103312.bat"
- <SYSTEM32>\rundll32.exe %HOMEPATH%\Templates\TempFiles\rundll.dll #2
- %TEMP%\103312.bat
- %HOMEPATH%\Templates\TempFiles\rundll.dll