Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'syshost32' = '%WINDIR%\Installer\{C8CE4E86-E2D6-AC34-5675-DD0A36060C5D}\syshost.exe' (ключ автозапуска: файл запускается при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002' (тип запуска 2 — служба запускается автоматически при загрузке системы)
- %WINDIR%\Installer\{C8CE4E86-E2D6-AC34-5675-DD0A36060C5D}\syshost.exe
- %WINDIR%\Installer\{C8CE4E86-E2D6-AC34-5675-DD0A36060C5D}\syshost.exe /service
- <SYSTEM32>\dumprep.exe 2388 -dm 7 7 %TEMP%\WERafae.dir00\cscript.exe.mdmp 16325836412027400
- <SYSTEM32>\dumprep.exe 1652 -dm 7 7 %TEMP%\WERa265.dir00\ctfmon.exe.hdmp 16325836412027260
- <SYSTEM32>\logonui.exe /status
- <SYSTEM32>\dumprep.exe 1424 -dm 7 7 %TEMP%\WERa78d.dir00\explorer.exe.mdmp 16325836412028040
- <SYSTEM32>\dumprep.exe 1652 -dm 7 7 %TEMP%\WERa265.dir00\ctfmon.exe.mdmp 16325836412027240
- <SYSTEM32>\cscript.exe
- <Служебный элемент>
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- %TEMP%\WERa78d.dir00\explorer.exe.mdmp
- %TEMP%\WERa265.dir00\ctfmon.exe.mdmp
- %WINDIR%\Installer\{C8CE4E86-E2D6-AC34-5675-DD0A36060C5D}\syshost.exe
- из %WINDIR%\Installer\{C8CE4E86-E2D6-AC34-5675-DD0A36060C5D}\syshost.exe в %TEMP%\f39340f2.tmp
- из <Полный путь к вирусу> в %TEMP%\f01ff347.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'StatusWindowClass' WindowName: ''