Техническая информация
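- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\Start Menu\Programs\Winx64cmd\winx64cmd.exe' (штатное значение 'UserInit' содержит только путь к userinit.exe; программа, дописанная после запятой, запускается Winlogon при каждом входе пользователя в систему)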
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winx64cmd' = '%ALLUSERSPROFILE%\Start Menu\Programs\Winx64cmd\winx64cmd.exe'
- '%ALLUSERSPROFILE%\Start Menu\Programs\Winx64cmd\winx64cmd.exe'
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 4
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\Winx64cmd\winx64cmd.exe
- %TEMP%\aut1.tmp
- %TEMP%\file
- %ALLUSERSPROFILE%\Start Menu\Programs\Winx64cmd\winx64cmd.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
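- 'ua#.ovpn.to':2567 (символ «#» здесь и в адресах ниже, по-видимому, маскирует часть имени узла или IP-адреса; в таком виде значения нельзя напрямую использовать как индикаторы для блокировки)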
- 'ru#.ovpn.to':3337
- 'ro#.ovpn.to':5423
- '95.##1.213.42':5444
- 'md#.ovpn.to':8656
- DNS ASK ua#.ovpn.to
- DNS ASK ru#.ovpn.to
- DNS ASK md#.ovpn.to
- DNS ASK ro#.ovpn.to
- ClassName: 'Indicator' WindowName: '(null)'