Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Abcdef] 'ImagePath' = '<SYSTEM32>\jwzvwy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Abcdef] 'Start' = '00000002'
- <SYSTEM32>\jwzvwy.exe
- from <Full path to file> to <SYSTEM32>\116218.bak
- '22#.#29.204.123':1987
- '<SYSTEM32>\jwzvwy.exe'