Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{f92B23AB-A707-22d2-9CBD-0000F87A469H}] 'StubPath' = '%ALLUSERSPROFILE%\NBNB.exe'
- [<HKLM>\SOFTWARE\Classes\ini|url|chm|vbs\Shell\Open\Command] '' = '"%CommonProgramFiles%\Microsoft Shared\s.exe" "%1"'
- %ALLUSERSPROFILE%\Application Data\system.exe 0
- %ALLUSERSPROFILE%\NBNB.exe -a
- %PROGRAM_FILES%\СёАЧVIP.exe 0
- %ALLUSERSPROFILE%\NBNB.exe
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %ALLUSERSPROFILE%\NBNB.exe
- %ALLUSERSPROFILE%\Application Data\system.exe
- %PROGRAM_FILES%\СёАЧVIP.exe
- %CommonProgramFiles%\Microsoft Shared\s.exe
- 'mu.##oren.com':80
- 'localhost':1036
- mu.##oren.com/xunlei/top.htm
- mu.##oren.com/xunlei/vi%E3%89%B0%E3%88%B2%E3%88%B2%E3%88%B22.htm
- DNS ASK mu.##oren.com
- '<IP-адрес в локальной сети>':1037
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''