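Техническая информация
(Подзаголовки разделов в этом тексте не сохранились. Судя по содержимому записей, ниже по порядку идут: изменения реестра — автозапуск через ключ Run и добавление исполняемых файлов в список разрешённых приложений брандмауэра Windows; запускаемые процессы; операции с файлами, где повторяющиеся пути, по-видимому, относятся к разным операциям; сетевая активность; запись об окне с ClassName/WindowName. Символы «#» в адресах — маскировка, присутствующая в исходном тексте.)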
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nxdkng' = '%PROGRAM_FILES%\nxdkng\nxdkngup.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\nxdkng\nxdkng.exe' = '%PROGRAM_FILES%\nxdkng\nxdkng.exe:*:Enabled:NXDKNG'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\nxdkng\nxdkngup.exe' = '%PROGRAM_FILES%\nxdkng\nxdkngup.exe:*:Enabled:NXDKNGUP'
- %PROGRAM_FILES%\nxdkng\nxdkngup.exe
- <SYSTEM32>\attrib.exe +h "\"
- %PROGRAM_FILES%\nxdkng\nxdkng.exe
- %TEMP%\nsp3.tmp\nsHttp.dll
- %PROGRAM_FILES%\nxdkng\nxdkngup.exe
- %TEMP%\nsp2.tmp
- %TEMP%\nsp3.tmp\nsLib.dll
- %TEMP%\nsp3.tmp\nsLib.dll
- %TEMP%\nsp3.tmp\nsHttp.dll
- 'www.we###rch.co.kr':80
- www.we###rch.co.kr/info/nxdkng.htm
- www.we###rch.co.kr/ncount/count.php?tp##################################
- DNS ASK www.we###rch.co.kr
- ClassName: 'Indicator' WindowName: ''