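Technical Information
The entries below appear to be process command lines observed for the sample, followed by one network endpoint whose address is partially masked. Taken together, they create %APPDATA%\Windows, copy the file there as windll.exe, and add a value named WinDll under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, which makes Windows start that copy each time the user logs on. The purpose of the ps.exe invocation is not stated on this page. For detection, the Run value name and the windll.exe path are the stable indicators listed here.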
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V WinDll /t REG_SZ /F /D %APPDATA%\Windows\windll.exe
- '%WINDIR%\XXInstall\ps.exe' /pid=2896
- '<SYSTEM32>\cmd.exe' /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V WinDll /t REG_SZ /F /D %APPDATA%\Windows\windll.exe
- '<SYSTEM32>\cmd.exe' /c mkdir %APPDATA%\Windows
- '<SYSTEM32>\cmd.exe' /c copy <Full path to file> %APPDATA%\Windows\windll.exe
- '71.##.63.147':54984