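Technical Information
(The sub-headings of this report appear to have been lost in extraction. In order, the entries below are: registry values set, file-system paths touched, a window lookup, and commands executed. The repeated file paths presumably belong to separate operations, such as create and delete, which the page does not label.)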
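- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'nv4_disp' = '<SYSTEM32>\nv4_disp.exe'
  Note: this is an autorun (persistence) entry in the 32-bit registry view. For a 32-bit process on 64-bit Windows, <SYSTEM32> is redirected to %WINDIR%\SysWOW64, so look for the file there as well. The name appears to imitate the NVIDIA display driver nv4_disp.dll; an .exe of that name started from a Run key is not part of that driver.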
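- [HKCU\Software\Microsoft\Internet Explorer\Main] 'Window Title' = '盛九网络科技 24小时客服电话 13875788303'
  Note: the page rendered this value as 'Ê¢¾ÅÍøÂç¿Æ¼¼ 24Сʱ¿Í·þµç»° 13875788303', which appears to be GBK-encoded Chinese text decoded with the wrong code page. The repaired text reads roughly "Shengjiu Network Technology, 24-hour customer service phone". The value overrides the Internet Explorer title-bar text. When matching on it, compare against the raw registry data rather than either rendering.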
- %TEMP%\bt12138.bat
- %WINDIR%\syswow64\1.reg
- %TEMP%\bt12138.bat
- %WINDIR%\syswow64\1.reg
- %TEMP%\bt12138.bat
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\bt12138.bat "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\bt12138.bat "<Full path to file>"
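- '%WINDIR%\syswow64\regedit.exe' /s <SYSTEM32>\1.reg
  Note: /s makes regedit import the file without a confirmation prompt. Because the 32-bit regedit.exe is used, <SYSTEM32>\1.reg most likely resolves to the %WINDIR%\syswow64\1.reg listed above. The contents of 1.reg are not shown on the page; presumably it carries the registry values listed at the top, which should be confirmed against the sample.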