Техническая информация
- <SYSTEM32>\tasks\autoupdater
- %LOCALAPPDATA%\set-up\autoupdate.xml
- %LOCALAPPDATA%\set-up\wupdater.vbs
- %LOCALAPPDATA%\set-up\nordvpnsetup.exe
- %LOCALAPPDATA%\set-up\wupdater.exe
- %TEMP%\is-coqkk.tmp\nordvpnsetup.tmp
- %TEMP%\setup log 2021-05-26 #001.txt
- %TEMP%\is-v8jrt.tmp\_isetup\_setup64.tmp
- %TEMP%\is-v8jrt.tmp\verifytrust.dll
- %TEMP%\is-v8jrt.tmp\isxdl.dll
- %TEMP%\is-v8jrt.tmp\nord.setup.dll
- 'microsoft.com':80
- 'oc##.#ectigo.com':80
- 'so####eviewz.com':443
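- http://oc##.#ectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQ5suEceKjAJbxseAmHFkQ9FrhTWQQUDuE6qFM6MdWKvsG7rWcaA4WtNA4CEQDNjugKbehZGUlxUowne8vR (судя по формату пути, это OCSP-запрос на проверку статуса сертификата; вероятно, служебный трафик, который сам по себе не является индикатором компрометации)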
- DNS ASK microsoft.com
- DNS ASK oc##.#ectigo.com
- DNS ASK so####eviewz.com
- DNS ASK st####.rapidssl.com
- '%LOCALAPPDATA%\set-up\nordvpnsetup.exe'
- '%TEMP%\is-coqkk.tmp\nordvpnsetup.tmp' /SL5="$10020A,22826808,893440,%LOCALAPPDATA%\Set-up\NordVPNSetup.exe"
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\Set-up\WUpdater.vbs"
- '%LOCALAPPDATA%\set-up\wupdater.exe'
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\Set-up\WUpdater.vbs" (со скрытым окном)
- '%LOCALAPPDATA%\set-up\wupdater.exe' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /Create /XML %LOCALAPPDATA%\Set-up\Autoupdate.xml /TN Autoupdater
- '%WINDIR%\syswow64\schtasks.exe' /Run /TN Autoupdater
- '<SYSTEM32>\taskeng.exe' {5D939EFB-12C5-48B7-B2C5-9A46E18E1EE4} S-1-5-21-1960123792-2022915161-3775307078-1001:dggmxfgtfte\user:Interactive:[1]