Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- '%WINDIR%\Installer\{BF3DCFE6-8B19-B844-D50B-511332A05BB0}\syshost.exe' /service
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\winlogon.exe
- System
- <SYSTEM32>\smss.exe
- %WINDIR%\Installer\{BF3DCFE6-8B19-B844-D50B-511332A05BB0}\syshost.exe
- from <Full path to virus> to %TEMP%\3064f776.tmp
- ClassName: '(null)' WindowName: 'eq'
- ClassName: '(null)' WindowName: 'pSnYuwp'
- ClassName: '(null)' WindowName: ' Jr v dH'
- ClassName: '(null)' WindowName: 'moQn GkT '
- ClassName: '(null)' WindowName: 'eeVM nk'
- ClassName: '(null)' WindowName: 'Dg trVUE p '