Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\23a553717e0629ce] 'ImagePath' = '<DRIVERS>\23a553717e0629ce.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\23a553717e0629ce] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\2e574] 'Start' = '00000001'
- '%WINDIR%\Installer\{6E55E70C-DADA-0DD7-E4CB-4E24C4489A41}\syshost.exe' /service
- NtOpenThread, handler driver: unknown
- NtOpenProcess, handler driver: unknown
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'CurrentLevel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'CurrentLevel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'CurrentLevel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1201' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'CurrentLevel' = '00000000'
- %WINDIR%\Temp\RGI1.tmp
- %WINDIR%\Temp\RGI3.tmp
- <DRIVERS>\23a553717e0629ce.sys
- %WINDIR%\Installer\{6E55E70C-DADA-0DD7-E4CB-4E24C4489A41}\syshost.exe
- <DRIVERS>\2e574.sys
- %WINDIR%\Temp\RGI3.tmp
- <DRIVERS>\2e574.sys
- from <Full path to the virus> to %TEMP%\ab8e5644.tmp