Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Donald' = '"C:\Users\%USERNAME%\Scrivania\donald.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Donald' = '"C:\Users\%USERNAME%\Desktop\donald.exe"'
- <SYSTEM32>\reg.exe ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Donald /t REG_SZ /d \"C:\Users\%USERNAME%\Desktop\donald.exe\" /f
- <SYSTEM32>\reg.exe ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Donald /t REG_SZ /d \"C:\Users\%USERNAME%\Scrivania\donald.exe\" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\donald.bat" "
- <SYSTEM32>\attrib.exe +H +S +R
- %TEMP%\1.tmp\donald.bat
- <Полный путь к вирусу>
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''