Техническая информация
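- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы; при проверке хоста тот же ключ следует искать и в CurrentControlSet)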
- '%WINDIR%\Installer\{1871E0ED-5148-2611-ADEE-7C15D02B5BAB}\syshost.exe' /service
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\smss.exe
- System
- %WINDIR%\Installer\{1871E0ED-5148-2611-ADEE-7C15D02B5BAB}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\4cce6eb4.tmp
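- ClassName: '(null)' WindowName: ' zenatmk' (здесь и далее имена окон выглядят случайно сгенерированными; вероятно, они меняются от запуска к запуску и как индикатор компрометации ненадёжны)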
- ClassName: '(null)' WindowName: 'g jA Ovq K'
- ClassName: '(null)' WindowName: 'jS mxXK g'
- ClassName: '(null)' WindowName: 'ttk L'
- ClassName: '(null)' WindowName: 'vnuoG'
- ClassName: '(null)' WindowName: 'Ww'
- ClassName: '(null)' WindowName: 'uNgg'
- ClassName: '(null)' WindowName: 'DPc wyhAE nAy'
- ClassName: '(null)' WindowName: ' obiJuTIRgzY'
- ClassName: '(null)' WindowName: 'gmshEk'
- ClassName: '(null)' WindowName: 'nSD'
- ClassName: '(null)' WindowName: 'ZcltGsTfz'
- ClassName: '(null)' WindowName: 'rJS m drvw'
- ClassName: '(null)' WindowName: 'rQdN efXuDc'
- ClassName: '(null)' WindowName: 'xsQ bAZKf'
- ClassName: '(null)' WindowName: 'v enOzqu h'
- ClassName: '(null)' WindowName: 'FitQxa rw qd'
- ClassName: '(null)' WindowName: 'dhwnnLSbl'
- ClassName: '(null)' WindowName: 'c XDKrxcHrd'
- ClassName: '(null)' WindowName: 'aeqVpsmqO'
- ClassName: '(null)' WindowName: 'x j FZS faQTDo'
- ClassName: '(null)' WindowName: 'sty xO'
- ClassName: '(null)' WindowName: 'Lbkirf'
- ClassName: '(null)' WindowName: 'vn jBaowVl '