Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_Dlls' = '<SYSTEM32>\d3dcsx_4332.dll'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
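- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_Dlls' = '<SYSTEM32>\d3dcsx_4332.dll,<SYSTEM32>\CertEnroll32.dll'
  (Ключ расположен в ветке Wow6432Node, то есть относится к 32-разрядным процессам; по-видимому, поэтому <SYSTEM32> в значениях соответствует каталогу %WINDIR%\syswow64 из списка файлов ниже. При 'LoadAppInit_DLLs' = 1 библиотеки, перечисленные в 'AppInit_Dlls', загружаются в каждый такой процесс, использующий user32.dll.)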
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\ykkr6.vbs
- %WINDIR%\syswow64\d3dcsx_4332.dll
- %WINDIR%\syswow64\certenroll32.dll
- '%WINDIR%\syswow64\wscript.exe' "<SYSTEM32>\ykkr6.vbs" (со скрытым окном)
- '%WINDIR%\syswow64\wscript.exe' "<SYSTEM32>\ykkr6.vbs"