Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ppap' = ''
- '<SYSTEM32>\rundll32.exe' %TEMP%\update.dll,_update@16
- '<SYSTEM32>\cmd.exe' /c rundll32.exe %TEMP%\update.dll,_update@16
- %TEMP%\000007b9.tmp
- %TEMP%\00003b25.tmp
- %TEMP%\update.dll
- %TEMP%\00001c37.tmp
- %TEMP%\00003b25.tmp
- %TEMP%\000007b9.tmp
- %TEMP%\00001c37.tmp
- 'dh######er.msftupdate.com':80
- '67.##5.160.76':80
- http://www.ya##o.com/ via 67.##5.160.76
- http://www.google.com/index.asp via dh######er.msftupdate.com
- DNS ASK dh######er.msftupdate.com
- DNS ASK www.ya##o.com