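Техническая информация
Заголовки разделов исходного отчёта здесь, по-видимому, не сохранились. Ниже по порядку идут: изменения реестра (автозапуск через Winlogon\Notify и службу mscat со значением 'Start' = 2), файл в %TEMP% и команды sc.exe, относящиеся к службе mscat, затем пути к файлам в <SYSTEM32> и %TEMP% и имя класса окна. Путь %TEMP%\7794ca92.exe встречается дважды — вероятно, он относился к разным разделам отчёта; какое действие (создание, запуск, удаление) соответствует каждому пути, из этого списка установить нельзя.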
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mscat] 'Startup' = 'S'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mscat] 'DLLName' = 'mscat.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\mscat] 'Start' = '00000002'
- %TEMP%\7794ca92.exe
- <SYSTEM32>\sc.exe description mscat "MSCAT32 Forwarder DLL"
- <SYSTEM32>\sc.exe create mscat type= share start= auto DisplayName= "MSCAT32 Forwarder DLL" group= "Event Log" binPath= "rundll32.exe <SYSTEM32>\mscat.dll,ebah"
- <SYSTEM32>\b064572f.dll
- %TEMP%\7794ca92.exe
- <SYSTEM32>\456278c0.dll
- <SYSTEM32>\3fd26e99.dll
- <SYSTEM32>\mscat.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''