Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '3ea19dbce8f86fd98c95216756125930' = '"%TEMP%\Process .exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3ea19dbce8f86fd98c95216756125930' = '"%TEMP%\Process .exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\3ea19dbce8f86fd98c95216756125930.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Process .exe" "Process .exe" ENABLE
- %TEMP%\cyber setup.exe
- %TEMP%\windowsapplication1.exe
- %TEMP%\cgsetup_en_fckv2yuxqkwuwtnmsff9.exe
- %TEMP%\process .exe
- %TEMP%\tmp3c8d.tmp.exe
- %TEMP%\installer.log
- 'di##.ddns.net':1902
- 'microsoft.com':80
- 'oc##.#ectigo.com':80
- 'cr#.#ectigo.com':80
- 'do######.cyberghostvpn.com':443
- 'fe######.cyberghostvpn.com':443
- 're##.##berghostvpn.com':443
- 'do######.cyberghostvpn.com':443
- 'fe######.cyberghostvpn.com':443
- DNS ASK di##.ddns.net
- DNS ASK microsoft.com
- DNS ASK oc##.#ectigo.com
- DNS ASK cr#.#ectigo.com
- DNS ASK do######.cyberghostvpn.com
- DNS ASK fe######.cyberghostvpn.com
- DNS ASK re##.##berghostvpn.com
- '%TEMP%\cyber setup.exe'
- '%TEMP%\windowsapplication1.exe'
- '%TEMP%\cgsetup_en_fckv2yuxqkwuwtnmsff9.exe'
- '%TEMP%\process .exe'
- '%TEMP%\tmp3c8d.tmp.exe' "%TEMP%\cgsetup_en_fckv2YUXqkwuwtnMSff9.exe"
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Process .exe" "Process .exe" ENABLE' (with hidden window)