Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\sys.exe'
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\sys.dll
- %WINDIR%\syswow64\sys.exe
- <Current directory>\s.bat
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\s.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\s.bat" "