Техническая информация
- <SYSTEM32>\rundll32.exe "%TEMP%\ins1.tmp",rorbravt install worker
- %TEMP%\ins1.tmp
- 'pm####wsko.mo.cx':80
- pm####wsko.mo.cx/zwCUVCKigk0OF1n2e8wNZXTnkVWBw0cgrkEYzxpi7xQ0xbnFZIcUB61jFLgHlfodm2YH9h9IWKGkNHgymSx2o0CnOpgvFM2pRv21BqbuhIk=
- pm####wsko.mo.cx/XuZDUvak66AvWLe9EfkXf120HJ/xybA1KNIKki63UJAbM/yB3qD52bMRFc3bQyfnCXVJAzHp0mD6oyk5z6soxEAq75cYG28qGL6EuQbWA9n8AM+MuuNS6MH5yq7nzn6x7DLQ9OL/3Auyo45e+OulyMycR1trxDK/6FtHO37i7kUEO8xhCKcjPzUG++3zf1IU74KMwnV8
- DNS ASK pm####wsko.mo.cx
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''