Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Vmlist' = 'regsvr32 /s apphelps.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\copkyyc32] 'Start' = '00000000'
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\abskey.dll"
- <SYSTEM32>\copkyyc32.dll
- <DRIVERS>\copkyyc32.sys
- %TEMP%\tmp2.CAB
- %WINDIR%\Temp\iobust.uic
- %TEMP%\tmp1.CAB
- %TEMP%\tmp2.CAB
- %TEMP%\tmp1.CAB
- <SYSTEM32>\copkyyc32.dll в <SYSTEM32>\abskey.dll