Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ideoua60' = '%APPDATA%\ideoua60.exe'
- '%APPDATA%\ideoua60.exe' --Restart
- '%APPDATA%\ideoua60.exe'
- %APPDATA%\ideoua60.exe
- '65.##4.51.42':80
- 'dh#.##rveftp.com':80
- 'ph#.##rveblog.net':80
- 65.##4.51.42/~pete19c/r.php
- dh#.##rveftp.com/~pete19c/r.php
- ph#.##rveblog.net/~pete19c/r.php
- DNS ASK dh#.##rveftp.com
- DNS ASK ph#.##rveblog.net
- ClassName: 'Indicator' WindowName: ''