Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\sysDll.exe'
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\sysdll.dll
- %WINDIR%\syswow64\sysdll.exe
- <Current directory>\s.bat
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\s.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\s.bat" "