Trojan.Siggen26.34090

Техническая информация

Для обеспечения автозапуска и распространения

Модифицирует следующие ключи реестра

[HKLM\SOFTWARE\Classes\nch.videopad\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%1"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.tod\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.thp\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.swf\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.rv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.rmvb\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.rm\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.ogv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.ogg\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.ts4\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.nut\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.nsv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mxf\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mtv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mts\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mqv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.ogm\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.m2ts\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.vob\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKCU\Software\Classes\dssfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind Scribe "%L"'
[HKCU\Software\Classes\dctfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind Scribe "%L"'
[HKCU\Software\Classes\mpdpfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind MixPad "%L"'
[HKCU\Software\Classes\nppfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind ExpressPoints "%L"'
[HKCU\Software\Classes\apjfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind ExpressAnimate "%L"'
[HKCU\Software\Classes\ddpfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind DreamPlan "%L"'
[HKCU\Software\Classes\drpfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind DrawPad "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mpg\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.ts\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKCU\Software\Classes\cdofile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind Crescendo "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.y4m\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.xvid\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.xmv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.wtv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.wmv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.webm\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKCU\Software\Classes\dfxfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind DeskFX "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.vro\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mpeg\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mpe\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mp4v\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.asf\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.divx\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.div\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.dav\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.dat\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.bik\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.avi\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKCU\Software\Classes\ds2file\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind Scribe "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.dvr-ms\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.apng\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.3gpp\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.3gp\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.3g2\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.264\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\Applications\videopad.exe\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.vpj\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.asx\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKCU\Software\Classes\deprojfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind Disketch "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.evo\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.flv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.f4v\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mp4\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mov\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.moov\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mod\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mkv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.mjpeg\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.flc\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.m4v\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.dv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.m2t\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.m2p\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.m1v\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.kmv\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.k3g\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.gif\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKLM\SOFTWARE\Classes\NCH.VideoPad.m2v\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" "%L"'
[HKCU\Software\Classes\spjfile\shell\open\command] '' = '"%ProgramFiles(x86)%\NCH Software\VideoPad\videopad.exe" -extfind PhotoStage "%L"'

Создает или изменяет следующие файлы

<SYSTEM32>\tasks\nch software\videopadsevendays

Изменения в файловой системе

Создает следующие файлы

%TEMP%\rarsfx0\hosts.cmd
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\slideshow software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\video file converter.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\invoice software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\express burn cd, dvd or blu-ray.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\transcription software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\audio file converter.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\video capture software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\audio editing software.lnk
%TEMP%\videopad-1724-1\ffmpeg23.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\video editing software.lnk
%TEMP%\4434.tmp
%ProgramFiles(x86)%\nch software\components\ffmpeg23\swscale-2.nch.dll
%TEMP%\4433.tmp
%ProgramFiles(x86)%\nch software\components\ffmpeg23\avutil-52.nch.dll
%TEMP%\4423.tmp
%ProgramFiles(x86)%\nch software\components\ffmpeg23\avformat-55.nch.dll
%TEMP%\4403.tmp
%ProgramFiles(x86)%\nch software\components\ffmpeg23\avcodec-55.nch.dll
%ProgramFiles(x86)%\nch software\components\ffmpeg23\swresample-0.nch.dll
%TEMP%\4337.tmp
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\multitrack recording software.lnk
%ProgramFiles(x86)%\nch software\videopad\videopadsetup_v16.02.exe
%TEMP%\etilqs_7zsxkkpczkvtmzl
%TEMP%\etilqs_rc7jkw34koc6lkn
%TEMP%\etilqs_rtcgoqalgpazwxc
%TEMP%\etilqs_zphnhggf2pyoqqs
%TEMP%\etilqs_jysd9h86ub2sb4f
%TEMP%\etilqs_uluwo53hptgfwml
%TEMP%\etilqs_xbeym8budlnfyiy
%TEMP%\etilqs_chh2e9p361f4w5o
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\photo editing software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\accounting software.lnk
%HOMEPATH%\favorites\nch software download site.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\classic ftp software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\text expander software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\zip program.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\doxillion document converter.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\house design software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\diagram and flowchart software.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\nch software suite\image file converter.lnk
nul
C:\users\public\desktop\videopad video editor.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\videopad video editor.lnk
C:\users\public\desktop\nch suite.lnk
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\dvb.fontindex
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\app.discroot.crt
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\00000.jar
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\00000.bdjo
%ALLUSERSPROFILE%\nch software\videopad\bdmv\movieobject.bdmv
%ALLUSERSPROFILE%\nch software\videopad\bdmv\index.bdmv
%ProgramFiles(x86)%\nch software\videopad\shellmenub.msix
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\index.bdmv
%ProgramFiles(x86)%\nch software\videopad\shellmenua.msix
%ProgramFiles(x86)%\nch software\videopad\videopad.exe
%TEMP%\n1s\nchdata.dat
%TEMP%\n1s\nchdata.cab
%TEMP%\n1s\nchsetup.exe
%TEMP%\n1s\nchsetup.cab
%TEMP%\rarsfx0\mawto.url
%TEMP%\rarsfx0\setup.exe
%TEMP%\rarsfx0\reg.cmd
%ProgramFiles(x86)%\nch software\videopad\shellmenu.dll
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\movieobject.bdmv
%ALLUSERSPROFILE%\nch software\videopad\bdmv\multititle\id.bdmv
%ALLUSERSPROFILE%\nch software\videopad\bdmv\simpleplay\00000.bdjo
%ProgramFiles(x86)%\nch software\components\mp3el2\lame.exe
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient_list\button1.png
%TEMP%\mp3el2_.cab
%ProgramFiles(x86)%\nch software\videopad\mp3el2.exe
%ALLUSERSPROFILE%\nch software\videopad\templates\znomenus\template.xml
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient_list\template.xml
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient\template.xml
%ALLUSERSPROFILE%\nch software\videopad\templates\znomenus\no_menu.png
%ALLUSERSPROFILE%\nch software\videopad\templates\znomenus\no_menu_icon.png
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient_list\gradient.jpg
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient_list\gradient_icon.png
%ALLUSERSPROFILE%\nch software\videopad\bdmv\simpleplay\00000.jar
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient\gradient.jpg
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient\gradient_button.png
%ALLUSERSPROFILE%\nch software\videopad\templates\gradient\gradient_icon.png
%ALLUSERSPROFILE%\nch software\videopad\templates\templates.xml
%ALLUSERSPROFILE%\nch software\videopad\bdmv\simpleplay\movieobject.bdmv
%ALLUSERSPROFILE%\nch software\videopad\bdmv\simpleplay\index.bdmv
%ALLUSERSPROFILE%\nch software\videopad\bdmv\simpleplay\id.bdmv
%ALLUSERSPROFILE%\nch software\videopad\bdmv\simpleplay\app.discroot.crt
%TEMP%\etilqs_4fvjlitq0e0ofzv
%TEMP%\etilqs_vgu2fpufte8al5z

Удаляет следующие файлы

%TEMP%\n1s\nchdata.cab
%TEMP%\mp3el2_.cab
%ProgramFiles(x86)%\nch software\videopad\mp3el2.exe
%TEMP%\4337.tmp
%TEMP%\4403.tmp
%TEMP%\4423.tmp
%TEMP%\4433.tmp
%TEMP%\4434.tmp
%TEMP%\videopad-1724-1\ffmpeg23.exe
%TEMP%\n1s\nchsetup.exe
%TEMP%\n1s\nchdata.dat
%TEMP%\n1s\nchsetup.cab

Изменяет файл HOSTS.

Сетевая активность

Подключается к

'au####hannel.net':80
'fa###ook.com':443
'fa###ook.com':80
'ya###.opera.com':80
'ma###load.com':443
'si#####ck2.opera.com':443
're###.opera.com':80
'si#####ck2.opera.com':80
'en.###ipedia.org':443
'sd#####es.operacdn.com':443
'en.###ipedia.org':80
'se####.yahoo.com':443
'am##on.com':80
'bing.com':80
'du###uckgo.com':443
'se####.yahoo.com':80
'google.com':80
'au######te.geo.opera.com':80
'localhost':443
'am##on.com':443
'st####.xx.fbcdn.net':443

TCP

Запросы HTTP GET

http://au####hannel.net/components/ffmpeg23.exe
http://re###.opera.com/speeddials/partner/youtube
http://re###.opera.com/speeddials/partner/product
http://re###.opera.com/speeddials/partner/booking_com_us
http://re###.opera.com/speeddials/partner/twitter_us
http://re###.opera.com/speeddials/partner/yahoo
http://re###.opera.com/speeddials/partner/ebay_us
http://re###.opera.com/speeddials/partner/amazon_us
http://www.fa###ook.com/
http://re###.opera.com/speeddials/partner/wikipedia_org_us
http://re###.opera.com/speeddials/partner/facebook
http://ya###.opera.com/favicon.ico
http://re###.opera.com/www.opera.com/firstrun/
http://si#####ck2.opera.com/?ho###################################################
http://en.###ipedia.org/favicon.ico
http://www.am##on.com/favicon.ico
http://se####.yahoo.com/favicon.ico
http://www.bing.com/s/a/bing_p.ico
http://www.google.com/favicon.ico
http://re###.opera.com/favicon.ico
http://www.am##on.com/?ta#########################

Другие

'du###uckgo.com':443
'se####.yahoo.com':443
'am##on.com':443
'en.###ipedia.org':443
'si#####ck2.opera.com':443
'ma###load.com':443
'ya###.opera.com':443
'fa###ook.com':443
'sd#####es.operacdn.com':443
'op##a.com':443
'au######te.geo.opera.com':443
'm.###ebook.com':443
'st####.xx.fbcdn.net':443

UDP

DNS ASK au####hannel.net
DNS ASK ro###.ebay.com
DNS ASK st####.xx.fbcdn.net
DNS ASK m.###ebook.com
DNS ASK sd#####es.operacdn.com
DNS ASK fa###ook.com
DNS ASK op##a.com
DNS ASK ya###.opera.com
DNS ASK ma###load.com
DNS ASK tw##ter.com
DNS ASK re###.opera.com
DNS ASK en.###ipedia.org
DNS ASK bi##.#ikimedia.org
DNS ASK am##on.com
DNS ASK bing.com
DNS ASK du###uckgo.com
DNS ASK se####.yahoo.com
DNS ASK au######te.geo.opera.com
DNS ASK google.com
DNS ASK si#####ck2.opera.com
DNS ASK nl.##hoo.com

Другое

Ищет следующие окна

ClassName: 'EDIT' WindowName: ''
ClassName: 'NCHSoftware_InstanceWindow' WindowName: 'VideoPad'
ClassName: 'NCHSoftware_InstanceChain' WindowName: 'VideoPad'
ClassName: 'NCHSoftware_InstanceInst' WindowName: 'VideoPad'
ClassName: 'NCHSoftware_InstanceBoot' WindowName: 'VideoPad'
ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Opera Software\Opera Stable'

Создает и запускает на исполнение

'%TEMP%\rarsfx0\setup.exe' -LQUIET
'%TEMP%\n1s\nchsetup.exe' -installer "%TEMP%\RarSFX0\setup.exe" -instdata "%TEMP%\n1s\nchdata.dat"
'%ProgramFiles(x86)%\nch software\videopad\mp3el2.exe' -LQUIET -instby fiVideoPad
'%TEMP%\videopad-1724-1\ffmpeg23.exe' -LQUIET -instby coVideoPad
'%ProgramFiles(x86)%\nch software\videopad\videopad.exe' -installsched
'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\hosts.cmd" "' (со скрытым окном)
'%ProgramFiles(x86)%\nch software\videopad\mp3el2.exe' -LQUIET -instby fiVideoPad' (со скрытым окном)
'%TEMP%\videopad-1724-1\ffmpeg23.exe' -LQUIET -instby coVideoPad' (со скрытым окном)
'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\Reg.cmd" "' (со скрытым окном)

Запускает на исполнение

'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\hosts.cmd" "
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.15.1444615133\785828281" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.12.699507515\184491913" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.11.1731341195\1218355513" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.10.1314256534\1009853106" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.9.408838740\502623688" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.8.1673098421\1239800473" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.7.1063560415\1608340009" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' --type=utility --channel="560.4.1222765323\2130906437" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001 /crash-reporter-parent-id=572
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.6.1252986136\2081668063" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.5.161754697\1006021637" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.4.1222765323\2130906437" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --extension-process --enable-we...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --disable-client-side-phishing-...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="560.0.1276055746\777386526" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://mawtoload.com/ /crash-reporter-parent-id=560
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- https://mawtoload.com/
'%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "https://mawtoload.com/"
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\SOFTWARE\NCH Software\VideoPad\Registration" /v Name /t REG_SZ /d "MAWTO" /f
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\SOFTWARE\NCH Software\VideoPad\Registration" /v Key /t REG_SZ /d "mabledvt" /f
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\SOFTWARE\NCH Software\VideoPad\Registration" /v ID /t REG_SZ /d "133701337" /f
'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\Reg.cmd" "
'%WINDIR%\syswow64\ipconfig.exe' /flushdns
'%WINDIR%\syswow64\findstr.exe' /i /c:"secure.nch.com.au" <DRIVERS>\etc\hosts
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.16.1414180155\1696517689" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="560.17.1420120175\780805759" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней