Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NCG' = '%PROGRAM_FILES%\NCG\NetsyncContentGuard.exe' (ключ Run: программа запускается при каждом входе этого пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\.NCGService] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %PROGRAM_FILES%\NCG\NetsyncContentGuard.exe
- %PROGRAM_FILES%\NCG\NCGService.exe
- %PROGRAM_FILES%\NCG\NCGServiceCtrl.exe -start
- %PROGRAM_FILES%\NCG\NCGServiceCtrl.exe -u
- %PROGRAM_FILES%\NCG\NCGServiceCtrl.exe -i
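- ClassName: 'OllyDBG' WindowName: '' (класс главного окна отладчика OllyDbg; обращение к такому окну обычно означает проверку на наличие отладчика)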
- %PROGRAM_FILES%\NCG\libeay32.dll
- %PROGRAM_FILES%\NCG\NetsyncContentGuard.exe
- %PROGRAM_FILES%\NCG\NCGServiceCtrl.exe
- %PROGRAM_FILES%\NCG\StartService.lnk
- %PROGRAM_FILES%\NCG\ncgagent.sys
- <DRIVERS>\HtSDec15.sys
- %PROGRAM_FILES%\NCG\uninstall.exe
- %TEMP%\nsr2.tmp\NcgAgentInstallUtil.dll
- %TEMP%\nsr2.tmp\System.dll
- %PROGRAM_FILES%\NCG\NCGService.exe
- %ALLUSERSPROFILE%\Application Data\INKA Entworks\NcgAgentPolicy.lst
- %ALLUSERSPROFILE%\Application Data\INKA Entworks\KillAppXML.lst
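- 'su#####.netsync.co.kr':80 (символ «#» в именах узлов недопустим — часть имени здесь и ниже, по-видимому, скрыта, поэтому для точного сопоставления индикатор неполон)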
- su#####.netsync.co.kr/@LiveUpdate/KillApplicationV1.2/KillAppXML.lst?
- DNS ASK www.download.windowsupdate.com
- DNS ASK cr#.##obalsign.net
- DNS ASK su#####.netsync.co.kr
- DNS ASK wp#d
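- ClassName: 'WinDbgFrameClass' WindowName: '' (класс главного окна отладчика WinDbg; обращение к такому окну обычно означает проверку на наличие отладчика)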
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows, к отладчикам не относится)