Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'syshost32' = '%WINDIR%\Installer\{12732181-B211-C46E-8E13-BC65642A2AFC}\syshost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\63535389bdb42945] 'ImagePath' = '<DRIVERS>\63535389bdb42945.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\63535389bdb42945] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\567ca] 'Start' = '00000001'
- %WINDIR%\Installer\{12732181-B211-C46E-8E13-BC65642A2AFC}\syshost.exe
- %WINDIR%\Installer\{12732181-B211-C46E-8E13-BC65642A2AFC}\syshost.exe /service
- <SYSTEM32>\logonui.exe /status
- NtOpenThread, драйвер-обработчик: unknown
- NtOpenProcess, драйвер-обработчик: unknown
- <DRIVERS>\63535389bdb42945.sys
- <DRIVERS>\567ca.sys
- %WINDIR%\Installer\{12732181-B211-C46E-8E13-BC65642A2AFC}\syshost.exe
- <DRIVERS>\63535389bdb42945.sys
- %WINDIR%\Installer\{12732181-B211-C46E-8E13-BC65642A2AFC}\syshost.exe в %TEMP%\5671409e.tmp
- из <Полный путь к вирусу> в %TEMP%\2eec7e14.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'StatusWindowClass' WindowName: ''