Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\COMSysAp] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\159484.BaT" "
- '<SYSTEM32>\svchost.exe' -k COMSysAp
- %TEMP%\159484.BaT
- %CommonProgramFiles%\Services\bigfoot.jpg
- 'gh###.twbbs.org':8080
- DNS ASK gh###.twbbs.org