Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinShell' = 'C:\WinShell\WinSeven.exe'
- 'C:\WinShell\WinSeven.exe'
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v WinShell /t REG_SZ /d C:\WinShell\WinSeven.exe /f
- firefox.exe
- iexplore.exe
- C:\WinShell\WinSeven.exe
- ClassName: 'Indicator' WindowName: '(null)'