Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '<SYSTEM32>\<Virus name>.exe'
- <SYSTEM32>\<Virus name>.exe "<Full path to virus>"
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\a.bat" "
- <SYSTEM32>\attrib.exe -s -h "<Full path to virus>"
- <SYSTEM32>\cmd.exe /c ""<Current directory>\a.bat" "
- <SYSTEM32>\attrib.exe -s -h
- <SYSTEM32>\a.bat
- <SYSTEM32>\enfvysqta.exe
- <Current directory>\a.bat
- <SYSTEM32>\<Virus name>.exe
- <Full path to virus>
- <SYSTEM32>\a.bat
- <Current directory>\a.bat
- '0c##ch.com':21
- DNS ASK 0c##ch.com
- ClassName: '' WindowName: 'Windows Security Alert'