Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dzcdcj64' = '%APPDATA%\dzcdcj64.exe'
- %APPDATA%\dzcdcj64.exe --Restart
- %APPDATA%\dzcdcj64.exe
- 'dh#.##rveftp.com':80
- 'ph#.##rveblog.net':80
- dh#.##rveftp.com/~pete19c/r.php
- ph#.##rveblog.net/~pete19c/r.php
- DNS ASK dh#.##rveftp.com
- DNS ASK ph#.##rveblog.net
- ClassName: 'Indicator' WindowName: ''