Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nanuly' = '%PROGRAM_FILES%\nanuly\nanuly.exe'
- %PROGRAM_FILES%\nanuly\nallist.nau
- %PROGRAM_FILES%\nanuly\naelist2.nau
- %PROGRAM_FILES%\nanuly\naelist.nau
- %PROGRAM_FILES%\nanuly\nanolist.nau
- %PROGRAM_FILES%\nanuly\naulist.nau
- %PROGRAM_FILES%\nanuly\naulist2.nau
- 'fi##.nanuly.com':80
- fi##.nanuly.com/shoplist/list2.php
- fi##.nanuly.com/shoplist/list.php
- fi##.nanuly.com/shoplist/list_loss.php
- fi##.nanuly.com/shoplist/list_exc.php
- fi##.nanuly.com/shoplist/list_exc2.php
- fi##.nanuly.com/shoplist/no_list.php
- fi##.nanuly.com/cont/regid.txt
- fi##.nanuly.com/cont/proid.txt
- fi##.nanuly.com/cont/guid.txt
- fi##.nanuly.com/cont/dllid.txt
- fi##.nanuly.com/cont/sizeid.txt
- DNS ASK fi##.nanuly.com
- ClassName: 'IEFrame' WindowName: ''