Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NSTOP] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\cmd.exe /c "%TEMP%\\110562.bAt"
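- <SYSTEM32>\svchost.exe -k NSTOP (параметр -k задаёт группу служб svchost; здесь её имя совпадает с именем ключа службы NSTOP в реестре и не относится к стандартным группам Windows)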
- %TEMP%\110562.bAt
- %CommonProgramFiles%\System\Regx.xml
- %CommonProgramFiles%\System\Regx.xml
- 'to###n.twgg.org':800
- DNS ASK to###n.twgg.org