Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\syshost32] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\Installer\{285500CA-53BD-E8BF-31EF-0AA71149E733}\syshost.exe' /service
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=in new action=allow enable=yes profile=any (включает разрешающее правило брандмауэра Windows для входящих соединений во всех профилях)
- %WINDIR%\Temp\95caeab8-8b62-6126-1b32-38c3f7f8105e.tmp
- %WINDIR%\Installer\{285500CA-53BD-E8BF-31EF-0AA71149E733}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\5cd090de.tmp
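- DNS ASK dn#.##ftncsi.com (символы #, по-видимому, скрывают часть имени домена в отчёте)
- DNS ASK microsoft.com (легитимный домен; сам по себе такой запрос не является признаком заражения и должен оцениваться только вместе с остальными индикаторами)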
- ClassName: 'Shell_TrayWnd' WindowName: ''