Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] '' = '<SYSTEM32>\wsx1.exe'
- '<SYSTEM32>\wsx1.exe'
- '%WINDIR%\sleep.exe' 500
- '<SYSTEM32>\cmd.exe' /c %TEMP%\temp8254.bat
- %TEMP%\temp8254.bat
- <SYSTEM32>\wsx1.exe
- 'tr####x.no-ip.biz':5558
- DNS ASK tr####x.no-ip.biz