Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\svchost\svchost.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %APPDATA%\svchost\svchost.exe
- '5.##.74.141':15000
- 'ro#.ovpn.to':15000
- '93.##5.92.236':15000
- '17#.#75.141.74':15000
- '17#.#75.131.106':15000
- DNS ASK ro#.ovpn.to
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'