Technical Information
- '%TEMP%\dllsvr32.exe'
- '%TEMP%\mso13.exe'
- '%TEMP%\dllsvr32.exe' (downloaded from the Internet)
- '%TEMP%\mso13.exe' (downloaded from the Internet)
- %TEMP%\dllsvr32.exe
- %TEMP%\mso13.exe
- '63.##9.178.162':80
- 'bo#.#ribokk.com':80
- 63.##9.178.162/EX/R3n1c2Bg8A.exe
- bo#.#ribokk.com/exe.php?ex#####
- DNS ASK bo#.#ribokk.com
- ClassName: 'Shell_TrayWnd' WindowName: ''