Техническая информация
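- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\sys.dll'
  (Параметр AppInit_DLLs служит механизмом автозагрузки: указанная в нём библиотека подгружается в каждый процесс, использующий user32.dll, если включён параметр LoadAppInit_DLLs. При проверке системы следует сверить значение AppInit_DLLs с ожидаемым — как правило, оно пустое.)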
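- '%TEMP%\Temp.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /t REG_SZ /d "<SYSTEM32>\sys.dll" /f
  (Аргументы совпадают с синтаксисом команды reg add; вероятно, Temp.exe здесь используется вместо штатной утилиты reg.exe — это предположение, сама страница его не подтверждает. Правила обнаружения, привязанные только к имени процесса reg.exe, такой запуск не зафиксируют, поэтому надёжнее отслеживать саму запись в параметр AppInit_DLLs.)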
- '<SYSTEM32>\cmd.exe' /c C:\delM.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ss.bat
- <SYSTEM32>\VMware.dll
- C:\delM.bat
- <SYSTEM32>\sys.dll
- %TEMP%\Temp.exe
- %TEMP%\ss.bat