Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\IKEXT] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\203156.bAt
- '<SYSTEM32>\svchost.exe' -k IKEXT
- %TEMP%\203156.bAt
- %PROGRAM_FILES%\Windows NT\Accessories\wordpad.ini
- %PROGRAM_FILES%\Windows NT\Accessories\wordpad.ini
- 'to###n.twgg.org':2022
- DNS ASK to###n.twgg.org