Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WinUpdates' = '%WINDIR%\windupdate\svchost.exe'
- '%WINDIR%\windupdate\svchost.exe'
- %WINDIR%\windupdate\vistas.dll
- %WINDIR%\windupdate\svchost.exe
- %WINDIR%\windupdate\vistas.dll
- 'do####.sytes.net':80
- do####.sytes.net/dom/getcmd.php?id####################
- DNS ASK do####.sytes.net