Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{10FAE79D-5439-1F3B-0000-050604020507}] 'StubPath' = '<SYSTEM32>\sytsat.exe'
- <SYSTEM32>\logonui.exe /status /shutdown
- <SYSTEM32>\cmd.exe /c "%TEMP%\\sscmd.bat"
- %WINDIR%\Explorer.EXE
- %TEMP%\sscmd.bat
- <SYSTEM32>\sytsat.exe
- %TEMP%\a.exe
- %TEMP%\b.exe
- %TEMP%\a.exe
- '20####5.oicp.net':80
- DNS ASK 20####5.oicp.net
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''