Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PRUEBA' = ''
- '<SYSTEM32>\attrib.exe' +r +s +h appdata
- '<SYSTEM32>\wscript.exe' "C:\abc.vbs"
- C:\abc.vbs
- C:\abc.vbs
- from <Full path to virus> to %APPDATA%\asdd.exe
- ClassName: 'Indicator' WindowName: ''