Техническая информация
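- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:\Documents'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:\Documents'
  (Примечание: значение 'C:\Documents', по-видимому, обрезано на первом пробеле в пути; полный путь в этом фрагменте не приведён.)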
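- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe'
  (Примечание: штатное значение параметра 'Shell' в HKLM — 'explorer.exe'. Путь, дописанный после запятой, запускается при входе пользователя в систему, поэтому любое отличие этого параметра от штатного значения следует проверять как признак закрепления в системе.)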
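- '%APPDATA%\MicrosoftServices\MicrosoftServices\csrss.exe' -keyhide -prochide 3120 -reg %APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe -proc 3120 %APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe
  (Примечание: csrss.exe — имя штатного системного процесса Windows, образ которого находится в %SystemRoot%\System32; запуск одноимённого файла из %APPDATA% указывает на маскировку. Судя по названиям, ключи -keyhide и -prochide предназначены для сокрытия параметра реестра и процесса. Число 3120, вероятно, является идентификатором процесса в конкретном сеансе анализа и как устойчивый индикатор непригодно.)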
- '%APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe'
- '%HOMEPATH%\Templates\HWID Generator.exe'
- %APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe:ZONE.identifier
- %APPDATA%\MicrosoftServices\MicrosoftServices\csrss.exe
- %APPDATA%\MicrosoftServices\MicrosoftServices\csrss.exe:ZONE.identifier
- %HOMEPATH%\Templates\HWID Generator.exe
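- <Полный путь к вирусу>:ZONE.identifier
  (Примечание: Zone.Identifier — альтернативный поток данных NTFS, в котором Windows хранит сведения о зоне происхождения файла (Mark of the Web). Какая именно операция выполняется с этим потоком, в данном фрагменте не указано.)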
- %APPDATA%\MicrosoftServices\MicrosoftServices\Creation.exe
- %APPDATA%\MicrosoftServices\MicrosoftServices\csrss.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
  (Примечание: Shell_TrayWnd — класс окна панели задач Windows.)