Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ppap' = ''
- <SYSTEM32>\rundll32.exe <SYSTEM32>\update.dll,_update@16
- %TEMP%\000018f2.tmp
- %TEMP%\000058ba.tmp
- <SYSTEM32>\update.dll
- %TEMP%\00000f55.tmp
- %TEMP%\000058ba.tmp
- %TEMP%\000018f2.tmp
- %TEMP%\00000f55.tmp
- 'dh####rver.ddns.us':80
- '67.##5.160.76':80
- 67.##5.160.76/
- dh####rver.ddns.us/index.asp
- DNS ASK dh####rver.ddns.us
- DNS ASK www.ya##o.com