Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'whhsut74' = '%APPDATA%\whhsut74.exe'
- %APPDATA%\whhsut74.exe --Restart
- %APPDATA%\whhsut74.exe
- '65.##4.51.42':80
- 'dh#.##rveftp.com':80
- 'ph#.##rveblog.net':80
- 65.##4.51.42/~pete19c/r.php
- dh#.##rveftp.com/~pete19c/r.php
- ph#.##rveblog.net/~pete19c/r.php
- DNS ASK dh#.##rveftp.com
- DNS ASK ph#.##rveblog.net
- ClassName: 'Indicator' WindowName: ''