Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2283880F-EF87-4aac-8EBD-C9BCC8494AF5_36' = 'rundll32.exe "%APPDATA%\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_36.avi", start'
- %TEMP%\ins1563.tmp
- %APPDATA%\2283880f-ef87-4aac-8ebd-c9bcc8494af5_36.avi
- '91.#88.60.5':80
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\ins1563.tmp", start first worker