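Техническая информация
Ниже перечислены наблюдаемые индикаторы: записи реестра, командная строка процесса, пути к файлам и сетевые обращения. Записи реестра регистрируют службу mcvdey с автоматическим запуском ('Start' = 2); её библиотека, указанная в параметре 'ServiceDll', загружается процессом svchost.exe. При проверке системы стоит смотреть на саму связку — 'ImagePath' с svchost.exe -k и 'ServiceDll', указывающий на неизвестную DLL в <SYSTEM32>, — а не только на имена mcvdey и bzycob.dll: они, по-видимому, сгенерированы случайно и могут отличаться у других образцов. Символы # в адресах, судя по всему, являются маскировкой в исходном отчёте.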
- [<HKLM>\SYSTEM\ControlSet002\Services\mcvdey] 'start' = '00000002'
- [<HKLM>\SYSTEM\CONTROLSET003\Services\mcvdey\Parameters] 'ServiceDll' = '<SYSTEM32>\bzycob.dll'
- [<HKLM>\SYSTEM\CONTROLSET003\Services\mcvdey] 'start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\mcvdey\Parameters] 'ServiceDll' = '<SYSTEM32>\bzycob.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\mcvdey] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\mcvdey] 'ImagePath' = '<SYSTEM32>\svchost.exe -k mcvdey'
- [<HKLM>\SYSTEM\ControlSet001\Services\mcvdey\Parameters] 'ServiceDll' = '<SYSTEM32>\bzycob.dll'
- '<SYSTEM32>\svchost.exe' -k mcvdey
- <SYSTEM32>\bzycob.dll
- <SYSTEM32>\0005b485.inf
- %TEMP%\80EB2F5C
- '<L####NET>.0.254':80
- http://19#.#68.0.254/20171130/113026/237140.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/113014/224859.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/113052/262484.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/113039/249687.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/113002/212781.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/112925/175546.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/112907/157687.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/112950/200562.jsp via <L####NET>.0.254
- http://19#.#68.0.254/20171130/112937/188125.jsp via <L####NET>.0.254