Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%\nsg\iag.exe %APPDATA%\nsg\pxw-don'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- '%APPDATA%\nsg\iag.exe' %APPDATA%\nsg\YNRKH
- '%APPDATA%\nsg\iag.exe' pxw-don
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %APPDATA%\nsg\vpt.pdf
- %APPDATA%\nsg\wpi.ico
- %APPDATA%\nsg\abm.mp4
- %APPDATA%\nsg\ubq.icm
- %APPDATA%\nsg\YNRKH
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\.Identifier
- %APPDATA%\nsg\bkj.dat
- %APPDATA%\nsg\ptq.txt
- %APPDATA%\nsg\dec.docx
- %APPDATA%\nsg\iag.exe
- %APPDATA%\nsg\wjn.mp3
- %APPDATA%\nsg\iai.mp4
- %APPDATA%\nsg\pxw-don
- %APPDATA%\nsg\hbr.jpg
- %APPDATA%\nsg\crh.xl
- %APPDATA%\nsg\lol.icm
- %APPDATA%\nsg\lxv.pdf
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\.Identifier
- %APPDATA%\nsg\iag.exe
- %APPDATA%\nsg\YNRKH
- 'mo#####ney.adultdns.net':46556
- DNS ASK mo#####ney.adultdns.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''