Техническая информация
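- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] '' = '<DRIVERS>\nwrdtdrv.exe'
  (ключ автозапуска: перечисленные в нём программы запускаются при входе пользователя в систему; имя параметра здесь пустое)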
- <DRIVERS>\nwrdtdrv.exe
- %WINDIR%\sleep.exe 500
- <SYSTEM32>\cmd.exe /c %TEMP%\temp8367.bat
- %TEMP%\temp8367.bat
- <DRIVERS>\nwrdtdrv.exe