Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'sistema_windows' = '"%TEMP%\sistema_windows.vbs"'
- %TEMP%\sistema_windows.vbs
- '<SYSTEM32>\wscript.exe' %TEMP%\sistema_windows.vbs
- '<SYSTEM32>\wscript.exe' %TEMP%\sistema_windows.vbs' (with hidden window)