Техническая информация
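- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\nsvb.exe' (параметр Taskman раздела Winlogon используется для автозапуска; значение, указывающее на исполняемый файл в %APPDATA%, — признак закрепления в системе)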
- <SYSTEM32>\idumigodine_original.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\idumigodine_original.exe
- %HOMEPATH%\Desktop\Billiard.lnk
- %APPDATA%\nsvb.exe
- <SYSTEM32>\idumigodine.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- <SYSTEM32>\BackspinBilliards.exe
- %APPDATA%\nsvb.exe
- <SYSTEM32>\idumigodine_original.exe
- <SYSTEM32>\idumigodine.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
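- DNS ASK je####.ananikolic.su
- 'je####.ananikolic.su':6000 (символы #### в имени узла, по-видимому, скрывают его часть, поэтому полное имя нельзя использовать как точный индикатор; при поиске в журналах DNS и прокси ориентируйтесь на домен ananikolic.su)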
- ClassName: 'Progman' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Progman и Shell_TrayWnd — классы окон оболочки Explorer: рабочий стол и панель задач)