Техническая информация
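- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002' (значение 2 соответствует SERVICE_AUTO_START: служба запускается автоматически при загрузке системы)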
- '%WINDIR%\Installer\{F6F43F43-8B96-3762-8B9A-64A969D4400C}\syshost.exe' /service
- <SYSTEM32>\services.exe
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\winlogon.exe
- System
- <SYSTEM32>\smss.exe
- <SYSTEM32>\csrss.exe
- %WINDIR%\Installer\{F6F43F43-8B96-3762-8B9A-64A969D4400C}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\77dec760.tmp
- ClassName: '(null)' WindowName: 'SMsEckqXjK'
- ClassName: '(null)' WindowName: ' JqxGPzx tYH q d'
- ClassName: '(null)' WindowName: 'oexMPHhEUv T'
- ClassName: '(null)' WindowName: 'jvlXrxv'
- ClassName: '(null)' WindowName: 'ifYEy'
- ClassName: '(null)' WindowName: ' vWv'
- ClassName: '(null)' WindowName: 'ljdYSts Akj'
- ClassName: '(null)' WindowName: 'R l jp '
- ClassName: '(null)' WindowName: 'kugy'
- ClassName: '(null)' WindowName: 'm ni'
- ClassName: '(null)' WindowName: 'gk Tujbwdtzqy'