Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Abcdef Hijklm Qrs] 'ImagePath' = '%WINDIR%\zvwy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Abcdef Hijklm Qrs] 'Start' = '00000002'
- '%WINDIR%\zvwy.exe'
- %WINDIR%\zvwy.exe
- '<IP-адрес в локальной сети>':2021
- 'www.ip##.com':80
- http:///ip.php?ip############### via www.ip##.com
- DNS ASK www.ip##.com