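Техническая информация
(Подзаголовки разделов отчёта в этой выдержке, по-видимому, не сохранились: ниже подряд идут запись автозапуска в реестре, пути файлов, сетевая активность и пути исполняемых файлов. Повторяющиеся пути, вероятно, относятся к разным разделам исходного отчёта.)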
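- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '%TEMP%\rundll32 .exe' (запись автозапуска; имя файла содержит пробел перед «.exe» и, по-видимому, маскируется под системный rundll32.exe — при поиске по этому индикатору пробел нужно сохранять)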
- %TEMP%\rundll32 .exe
- %TEMP%\winamp\svhost.exe
- %WINDIR%\hdada\2012.exe
- %WINDIR%\hdada\logs.dat
- %TEMP%\rundll32 .exe
- %TEMP%\winamp\svhost.exe
- %WINDIR%\hdada\logs.dat
- 'localhost':81
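- DNS ASK dj####aa.no-ip.biz
- DNS ASK dj####aa.zapto.org (в обоих DNS-запросах часть имени скрыта символами «####» уже в самом источнике, поэтому полные имена узлов по этой странице восстановить нельзя; оба домена относятся к сервисам динамического DNS)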
- '%TEMP%\winamp\svhost.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'