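Техническая информация (наблюдаемое поведение образца: запуск процесса, файл, сетевая активность, окно)
Примечание: символы ### в имени узла, по-видимому, маскируют часть домена, поэтому адреса ниже не являются полными индикаторами и не годятся для прямого сопоставления без восстановления имени.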
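- <SYSTEM32>\rundll32.exe "%TEMP%\ins1.tmp",rorbravt install worker (rundll32 загружает файл с расширением .tmp из %TEMP% и вызывает экспорт rorbravt с аргументами install worker)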
- %TEMP%\ins1.tmp
- 'fr###lo.mo.cx':80
- fr###lo.mo.cx/QtrztlEXsLgzLorRPQl6Pb4cW/Z5SfujeCqOs3hfmssNaSdFITOL1Kv/YD1CX83UcvmLgSfc67Fx61mD+w8UOtHPldvmUp9ASWU3H+ciPtE=
- fr###lo.mo.cx/iObSteyDWkjXHELYYClVfu/QXRk9OpWlBIGJqRgNUxRHyrMBUTJq3aPAtER6zd1wX9Zc6QHCSN8pOOrfKoB/xN/Kn1x6Uq3Ph7g8m9YE8Aojz1DQty2PoOac4ug3ECzcYaVDrYnTqEX/z9T7bv7aFnTVUzO+tSOcWvdvWQ0LS7DscH6se9X23pyJmUjlt4eJcyzKVtmt
- DNS-запрос (DNS ASK): fr###lo.mo.cx
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows; имя окна пустое)