Техническая информация
Вредоносные функции
Запускает на исполнение
- '%WINDIR%\syswow64\taskkill.exe' /F /IM VPNMaster.exe /T
- '%WINDIR%\syswow64\taskkill.exe' /F /IM masterconfig.exe /T
- '%WINDIR%\syswow64\taskkill.exe' /F /IM tun2socks.exe /T
- '%WINDIR%\syswow64\taskkill.exe' /F /IM xpntroj.exe /T
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\tempmastervpn\vpnmasterinst_guard.exe
- %ProgramFiles(x86)%\vpnmaster\start\icons\pubg@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ro@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ro@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ru@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ru@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\sa@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\sa@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\se@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\se@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\sg@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\sg@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\skygo@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\skygo@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\pubg@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pubg@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\skygo@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\stream@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ve@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ve@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\us@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\us@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ua@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pa@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ua@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\tw@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\tr@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\tr@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\th@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\th@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\stream@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\stream@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\pt@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pt@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pl@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\it@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\it@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\jp@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\jp@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\kr@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\kr@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\lv@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\lv@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\mx@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\mx@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\my@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\my@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\mytf1@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\mytf1@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\in@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\mytf1@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pl@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\netflix@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\netflix@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\nl@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\nl@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\no@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\no@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\tw@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\optimal@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\vn@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pandora@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pandora@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\pandora@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ph@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ph@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\pa@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\static\img\page_loading.9e5a8ab3.gif
- %ProgramFiles(x86)%\vpnmaster\xpntroj\vcruntime140.dll
- %ProgramFiles(x86)%\vpnmaster\start\icons\za@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-7d1d9158.43bf2c5a.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-94741bb0.03e30328.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-97b5fdae.3494f33f.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-97b5fdae.66864f46.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-97b5fdae.ff280acb.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-commons.a6654945.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-elementui.c66d9073.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-libs.83eda45e.js
- %ProgramFiles(x86)%\vpnmaster\locales\en-gb.pak
- %ProgramFiles(x86)%\vpnmaster\locales\en-us.pak
- %ProgramFiles(x86)%\vpnmaster\locales\zh-cn.pak
- %ProgramFiles(x86)%\vpnmaster\locales\zh-tw.pak
- %ProgramFiles(x86)%\vpnmaster\doh\dnscrypt-proxy.toml
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-7ceb7dd8.9251d297.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-7ceb7dd8.ce952834.js
- %ProgramFiles(x86)%\vpnmaster\doh\master_doh.exe
- %ProgramFiles(x86)%\vpnmaster\newclientdl\clientdl.exe
- %ProgramFiles(x86)%\vpnmaster\xpntroj\libssl-1_1.dll
- %ProgramFiles(x86)%\vpnmaster\xpntroj\libcrypto-1_1.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\zbar.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\uv-mbed.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\ssr.exe
- %ProgramFiles(x86)%\vpnmaster\start\icons\vn@3x.png
- %ProgramFiles(x86)%\vpnmaster\ssr\ssr-client-lib.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\mbedtls.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\libuv.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\libsodium.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\libiconv.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\libprivoxy.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\json-c.dll
- %ProgramFiles(x86)%\vpnmaster\ssr\bloom.dll
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-7cd00695.a9eaebdd.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-68ee0f44.7d775f88.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-6555ed21.b840e75f.js
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-11e2ea60.2c2a71be.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-19d0fd9a.16a90b4a.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-28dc2716.cf9bb91c.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-3076fd37.381500d5.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-6555ed21.f4a1443e.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-7cd00695.16fcb55e.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-7ceb7dd8.dd6e48ad.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-7d1d9158.fc646fa8.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-94741bb0.181efc5b.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-97b5fdae.b44f85ec.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-97b5fdae.e42b3214.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-commons.162459d4.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-elementui.6e6b3a01.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\chunk-libs.b57e4bfb.css
- %ProgramFiles(x86)%\vpnmaster\start\static\css\app.3a3f30d6.css
- %ProgramFiles(x86)%\vpnmaster\start\static\fonts\element-icons.535877f5.woff
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-3076fd37.9605e540.js
- %ProgramFiles(x86)%\vpnmaster\start\static\fonts\element-icons.732389de.ttf
- %ProgramFiles(x86)%\vpnmaster\start\static\img\bg_vip_big.ffa630ca.png
- %ProgramFiles(x86)%\vpnmaster\start\static\img\discount_bg.f5ef7812.png
- %ProgramFiles(x86)%\vpnmaster\start\static\img\error.0d370505.png
- %ProgramFiles(x86)%\vpnmaster\start\static\img\helmet_free.8962fc35.png
- %ProgramFiles(x86)%\vpnmaster\start\static\img\helmet_premium.cb9887b7.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\in@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\static\img\loading.3663fdf5.gif
- %ProgramFiles(x86)%\vpnmaster\start\icons\za@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\static\js\app.d8ca580c.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-11e2ea60.bf18ac5e.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-19d0fd9a.5eea3770.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-28dc2716.e319e0f0.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\chunk-3076fd37.60018b0f.js
- %ProgramFiles(x86)%\vpnmaster\start\static\js\app.750e0e34.js
- %ProgramFiles(x86)%\vpnmaster\ssr\privoxy_config.txt
- %ProgramFiles(x86)%\vpnmaster\start\icons\il@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hu@3x.png
- %ProgramFiles(x86)%\vpnmaster\data\proxyip.dat
- %ProgramFiles(x86)%\vpnmaster\data\plan.dat
- %ProgramFiles(x86)%\vpnmaster\data\lang.lang
- %ProgramFiles(x86)%\vpnmaster\data\04d72b664e8689f0
- %ProgramFiles(x86)%\vpnmaster\data\win-master.json
- %ProgramFiles(x86)%\vpnmaster\data\remote_config_defaults.json
- %ProgramFiles(x86)%\vpnmaster\driver32\libeay32.dll
- %ProgramFiles(x86)%\vpnmaster\driver32\libpkcs11-helper-1.dll
- %ProgramFiles(x86)%\vpnmaster\driver32\lzo2.dll
- %ProgramFiles(x86)%\vpnmaster\driver32\ssleay32.dll
- %ProgramFiles(x86)%\vpnmaster\driver32\tap-windows.exe
- %ProgramFiles(x86)%\vpnmaster\driver32\vpncore.exe
- %ProgramFiles(x86)%\vpnmaster\driver32\driver_win7_x64\oemvista.inf
- %ProgramFiles(x86)%\vpnmaster\data\master.cfg
- %ProgramFiles(x86)%\vpnmaster\data\sdata.dat
- %ProgramFiles(x86)%\vpnmaster\driver32\driver_win7_x64\tap0901.cat
- %ProgramFiles(x86)%\vpnmaster\driver32\driver_win7_x64\tap0901.sys
- %ProgramFiles(x86)%\vpnmaster\start\icons\at@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ar@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ar@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ae@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ae@2x.png
- %ProgramFiles(x86)%\vpnmaster\breakpad.dll
- %ProgramFiles(x86)%\vpnmaster\start\index.html
- %ProgramFiles(x86)%\vpnmaster\core\v2ray.exe
- %ProgramFiles(x86)%\vpnmaster\core\v2ctl.exe
- %ProgramFiles(x86)%\vpnmaster\core\tun2socks.exe
- %ProgramFiles(x86)%\vpnmaster\core\usp.exe
- %ProgramFiles(x86)%\vpnmaster\wfpcallout\x64\win7\piawfpcallout.cat
- %ProgramFiles(x86)%\vpnmaster\wfpcallout\x64\win7\piawfpcallout.sys
- %ProgramFiles(x86)%\vpnmaster\wfpcallout\x64\win7\piawfpcallout.inf
- %ProgramFiles(x86)%\vpnmaster\remote_config_data
- %ProgramFiles(x86)%\vpnmaster\icudtl.dat
- %ProgramFiles(x86)%\vpnmaster\vcruntime140.dll
- %TEMP%\tempmastervpn\setup.log
- %TEMP%\tempmastervpn\download.log
- %TEMP%\tempmastervpn\vpnmaster_setup.exe.efdindex
- %TEMP%\tempmastervpn\vpnmaster_setup.exe.teemo
- %TEMP%\nsm5e17.tmp\myinternet.dll
- %TEMP%\nsm5e17.tmp\findprocdll.dll
- %TEMP%\nsm5e17.tmp\nsprocess.dll
- %TEMP%\nsm5e17.tmp\nsexec.dll
- %TEMP%\nsm5e17.tmp\system.dll
- %WINDIR%\syswow64\remote_config_data
- %ProgramFiles(x86)%\vpnmaster\clientdl.exe
- %ProgramFiles(x86)%\vpnmaster\retention.exe
- %ProgramFiles(x86)%\vpnmaster\startup.exe
- %ProgramFiles(x86)%\vpnmaster\vpnmaster.exe
- %TEMP%\tempmastervpn\debug.log
- %ProgramFiles(x86)%\vpnmaster\installtapx64.exe
- %ProgramFiles(x86)%\vpnmaster\rlottie.dll
- %ProgramFiles(x86)%\vpnmaster\installtapx86.exe
- %ProgramFiles(x86)%\vpnmaster\master_vpn-service.exe
- %ProgramFiles(x86)%\vpnmaster\masterconfig.exe
- %ProgramFiles(x86)%\vpnmaster\winuet.exe
- %ProgramFiles(x86)%\vpnmaster\wow_helper.exe
- %ProgramFiles(x86)%\vpnmaster\webview2loader.dll
- %ProgramFiles(x86)%\vpnmaster\start\favicon.png
- %ProgramFiles(x86)%\vpnmaster\winsparkle.dll
- %ProgramFiles(x86)%\vpnmaster\start\icons\at@3x.png
- %ProgramFiles(x86)%\vpnmaster\libegl.dll
- %ProgramFiles(x86)%\vpnmaster\libglesv2.dll
- %ProgramFiles(x86)%\vpnmaster\msvcp140.dll
- %ProgramFiles(x86)%\vpnmaster\myinternet.dll
- %ProgramFiles(x86)%\vpnmaster\payment.dll
- %ProgramFiles(x86)%\vpnmaster\dbghelp.dll
- %ProgramFiles(x86)%\vpnmaster\start\icons\ch@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ie@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc iplayer@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\dz@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ee@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ee@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\es@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\es@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\fi@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\fi@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\for netflix@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\for netflix@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\fox@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\fox@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\fox@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\fr@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\dk@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\dz@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\fr@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\gb@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ie@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\id@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\id@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hulu@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hulu@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\au@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hulu@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hu@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hotstar@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hotstar@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\hotstar@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hk@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\hk@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\gb@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\dk@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\disney+@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\disney+@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc_iplayer@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc_iplayer@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc_iplayer@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc_news@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc_news@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc_news@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\be@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\be@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bg@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bg@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\br@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\br@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bt&p2p@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bbc iplayer@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\bt&p2p@2x.svg
- %ProgramFiles(x86)%\vpnmaster\start\icons\disney+@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bt@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bt@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bt_round@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\bt_round@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ca@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ca@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\il@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\ch@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\au@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\cn@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\co@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\co@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\de@2x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\de@3x.png
- %ProgramFiles(x86)%\vpnmaster\start\icons\cn@2x.png
- %ProgramFiles(x86)%\vpnmaster\xpntroj\xpntroj.exe
Удаляет следующие файлы
- %TEMP%\tempmastervpn\vpnmaster_setup.exe.efdindex
Перемещает следующие файлы
- %TEMP%\tempmastervpn\vpnmaster_setup.exe.teemo в %TEMP%\tempmastervpn\vpnmaster_setup.exe
Сетевая активность
Подключается к
- 'localhost':49179
- 'localhost':49229
- 'localhost':49232
- 'localhost':49234
- 'localhost':49237
- 'localhost':49239
- 'localhost':49241
- 'localhost':49245
- 'localhost':49196
- 'localhost':49248
- 'localhost':49254
- 'localhost':49257
- 'localhost':49259
- 'localhost':49262
- 'localhost':49264
- 'localhost':49267
- '16#.#43.166.128':443
- 'localhost':49224
- 'localhost':49227
- 'localhost':49222
- 'localhost':49219
- 'localhost':49217
- 'ip##pi.com':80
- 'localhost':49184
- 'localhost':49186
- 'ds#####.##.us-east-2.amazonaws.com':443
- 'localhost':49189
- 'localhost':49191
- 'st#####.googleapis.com':443
- 'localhost':49270
- 'localhost':49251
- 'localhost':49194
- '21#.#83.53.174':443
- 'localhost':49202
- 'localhost':49204
- 'localhost':49207
- 'localhost':49209
- 'localhost':49212
- 'localhost':49214
- 'localhost':49181
- 'localhost':49199
- 'localhost':49273
TCP
Запросы HTTP GET
- http://ip##pi.com/json
Другие
- 'localhost':49179
- 'localhost':49229
- 'localhost':49230
- 'localhost':49232
- 'localhost':49234
- 'localhost':49235
- 'localhost':49237
- 'localhost':49239
- 'localhost':49241
- 'localhost':49240
- 'localhost':49242
- 'localhost':49225
- 'localhost':49227
- 'localhost':49245
- 'localhost':49251
- 'localhost':49254
- 'localhost':49257
- 'localhost':49259
- 'localhost':49260
- 'localhost':49262
- 'localhost':49264
- 'localhost':49265
- 'localhost':49267
- '16#.#43.166.128':443
- '21#.#83.53.174':443
- 'localhost':49248
- 'localhost':49224
- 'localhost':49222
- 'localhost':49220
- 'localhost':49182
- 'localhost':49184
- 'localhost':49186
- 'localhost':49187
- 'ds#####.##.us-east-2.amazonaws.com':443
- 'localhost':49189
- 'localhost':49191
- 'localhost':49192
- 'st#####.googleapis.com':443
- 'localhost':49194
- 'localhost':49196
- 'localhost':49181
- 'localhost':49197
- 'localhost':49202
- 'localhost':49204
- 'localhost':49205
- 'localhost':49207
- 'localhost':49209
- 'localhost':49210
- 'localhost':49212
- 'localhost':49214
- 'localhost':49215
- 'localhost':49217
- 'localhost':49219
- 'localhost':49199
- 'localhost':49270
- 'localhost':49273
UDP
- DNS ASK ip##pi.com
- DNS ASK ds#####.##.us-east-2.amazonaws.com
- DNS ASK st#####.googleapis.com
Другое
Ищет следующие окна
- ClassName: 'DownloaderDlg' WindowName: ''
- ClassName: '' WindowName: ''
Создает и запускает на исполнение
- '%TEMP%\tempmastervpn\vpnmasterinst_guard.exe' "<Полный путь к файлу>" --blue_page --show_center1 --channel=guard
- '%TEMP%\tempmastervpn\vpnmaster_setup.exe' /S
- '%ProgramFiles(x86)%\vpnmaster\installtapx64.exe' "%ProgramFiles(x86)%\VPNMaster" /S
Запускает на исполнение
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 1000 5.##8.181.4 (со скрытым окном)
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 1000 17#.#28.31.181 (со скрытым окном)
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 1000 16#.#43.166.128 (со скрытым окном)
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 1000 21#.#83.53.174 (со скрытым окном)
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 1000 20#.#89.196.25 (со скрытым окном)
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 1000 12#.#99.145.124 (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM VPNMaster.exe /T (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM masterconfig.exe /T (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM tun2socks.exe /T (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM xpntroj.exe /T (со скрытым окном)
