Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\CRMSvc] 'ImagePath' = '"%APPDATA%\bytbzsxc.mmt\hbf1fkya.4gm.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\CRMSvc] 'Start' = '00000002'
- '%APPDATA%\bytbzsxc.mmt\hbf1fkya.4gm.exe'
- '<SYSTEM32>\sc.exe' failure "CRMSvc" reset= 2 actions= restart/10000
- '%APPDATA%\bytbzsxc.mmt\hbf1fkya.4gm.exe' --install
- %APPDATA%\bytbzsxc.mmt\hbf1fkya.4gm.InstallState
- %APPDATA%\bytbzsxc.mmt\hbf1fkya.4gm.InstallLog
- %APPDATA%\bytbzsxc.mmt\hbf1fkya.4gm.exe
- '17#.9.8.183':2247
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d