Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- '%WINDIR%\Installer\{29EAADEC-13FC-FD32-EEAA-105B8C96D3BD}\syshost.exe' /service
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\winlogon.exe
- System
- <SYSTEM32>\smss.exe
- %WINDIR%\Installer\{29EAADEC-13FC-FD32-EEAA-105B8C96D3BD}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\478c3020.tmp
- ClassName: '(null)' WindowName: 'Mkyf'
- ClassName: '(null)' WindowName: 'tC bqpkfSDlOc'
- ClassName: '(null)' WindowName: 'LjxPPZuV'
- ClassName: '(null)' WindowName: 'PvxqbEiq '
- ClassName: '(null)' WindowName: 'z mSljy'
- ClassName: '(null)' WindowName: 'kdevNgMo '
- ClassName: '(null)' WindowName: 'etcl mFwCY'
- ClassName: '(null)' WindowName: 'jEqwvFxsmxw iDvRwi'
- ClassName: '(null)' WindowName: 'zKlpsX'
- ClassName: '(null)' WindowName: 'jzXWkYIDwEp'
- ClassName: '(null)' WindowName: 'FJqfS j'