Техническая информация
- [<HKLM>\SYSTEM\ControlSet002\Services\efryft] 'start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- [<HKLM>\SYSTEM\CONTROLSET003\Services\efryft\Parameters] 'ServiceDll' = '<SYSTEM32>\anyppy.dll'
- [<HKLM>\SYSTEM\CONTROLSET003\Services\efryft] 'start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\efryft\Parameters] 'ServiceDll' = '<SYSTEM32>\anyppy.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\efryft] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\efryft] 'ImagePath' = '<SYSTEM32>\svchost.exe -k efryft'
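- [<HKLM>\SYSTEM\ControlSet001\Services\efryft\Parameters] 'ServiceDll' = '<SYSTEM32>\anyppy.dll' (служба размещается в процессе svchost.exe, указанном в ImagePath, а её код загружается из библиотеки, заданной в ServiceDll)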
- '<SYSTEM32>\svchost.exe' -k efryft
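- ClassName: 'OLLYDBG', WindowName: '' (поиск окна по имени класса; 'OLLYDBG' — класс главного окна отладчика OllyDbg, что, по-видимому, указывает на проверку наличия средств анализа)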
- <SYSTEM32>\anyppy.dll
- <SYSTEM32>\0004f18f.inf
- %TEMP%\80EB2F5C
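- '<L####NET>.0.114':80 (символы '#' в адресах здесь и ниже, по-видимому, являются маскировкой, применённой в исходном отчёте, а не частью реального адреса)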
- http://19#.#68.0.114/20171130/051526/243484.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051514/230937.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051552/269437.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051539/255968.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051501/218234.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051422/179265.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051404/161390.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051448/204984.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/051435/192359.jsp via <L####NET>.0.114