Technical Information
Autorun entry in the per-user Run key (starts the file at each logon of that user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NewHome' = '"<Full path to virus>" '
Commands executed through reg.exe (one writes the 'NewHome' Run value; the others write 'Flags' and 'Version' values under Internet Explorer's per-user Ext\Settings add-on key for two CLSIDs):
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" /v "Flags" /t REG_DWORD /d 1 /f
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" /v "Version" /t REG_SZ /d "*" /f
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}" /v "Version" /t REG_SZ /d "*" /f
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NewHome" /t REG_SZ /d "\"<Full path to virus>\" " /f
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}" /v "Flags" /t REG_DWORD /d 1 /f
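Browser processes referenced by the sample (the section label is missing from this page, so the action taken on them is not stated):
- iexplore.exe
- chrome.exe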
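Files in %TEMP% (the same three names are listed twice; the labels that distinguished the two lists are missing from this page). Each name is "NH" followed by six hexadecimal characters and ".ini", so the exact names may differ between runs; this is not confirmed here:
- %TEMP%\NH4945F2.ini
- %TEMP%\NH2723E0.ini
- %TEMP%\NH8E2957.ini
- %TEMP%\NH4945F2.ini
- %TEMP%\NH2723E0.ini
- %TEMP%\NH8E2957.ini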
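Window classes referenced by the sample (the action is not stated on this page; 'Shell_TrayWnd' is the class of the Windows taskbar window):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''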