Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Network Adapter Events] 'Start' = '00000002'
- '<SYSTEM32>\msvmzvla.exe' /service
- <SYSTEM32>\msvmzvla.exe
- 'of####-gyxvso.com':80
- 'yp####x-ihfcy.com':80
- '20#.#6.232.182':80
- of####-gyxvso.com/esss/kurva.php
- yp####x-ihfcy.com/esss/kurva.php
- DNS ASK of####-gyxvso.com
- DNS ASK yp####x-ihfcy.com
- DNS ASK www.microsoft.com