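Техническая информация
(Символы «#» в сетевых адресах ниже, по-видимому, маскируют часть имени узла и параметров запроса в самом отчёте; такие записи не годятся для точного сопоставления как индикаторы.)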
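- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winshow' = '%APPDATA%\WinShowNH\winshow.exe' (раздел автозапуска: указанная программа запускается при каждом входе этого пользователя в систему)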
- '%APPDATA%\WinShowNH\winshow.exe' /i /a
- %APPDATA%\WinShowNH\nhopen.dll
- %APPDATA%\WinShowNH\winshow.exe
- %TEMP%\nsb3.tmp\DLLWebCount.dll
- %APPDATA%\WinShowNH\category.dt
- %TEMP%\nsw2.tmp
- %TEMP%\nsb3.tmp\System.dll
- %TEMP%\nsb3.tmp\Math.dll
- 'www.ev###get.co.kr':80
- 'ad#.#dgod.co.kr':80
- ad#.#dgod.co.kr/app/config.php?ap#####
- www.ev###get.co.kr/cnt_proc.php?id#######################################
- ad#.#dgod.co.kr/app/setup.php?ap##################
- DNS ASK www.ev###get.co.kr
- DNS ASK ad#.#dgod.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'TAD_UpdateMainForm' WindowName: ''