Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ShellHWDetction] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe /c ""%TEMP%\101843.BaT" "
- <SYSTEM32>\svchost.exe -k ShellHWDetction
- %TEMP%\101843.BaT
- %PROGRAM_FILES%\Windows NT\Pinball\htrn_jis.dll
- %PROGRAM_FILES%\Windows NT\Pinball\htrn_jis.dll
- 'to####.twbbs.org':20120
- DNS ASK to####.twbbs.org
- '<IP-адрес в локальной сети>':1035