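Техническая информация
Ниже перечислены индикаторы в том виде, в каком они приведены в источнике: изменённые ключи реестра, пути к файлам и сетевые адреса. Подзаголовки разделов в списке, по-видимому, не сохранились, поэтому по нему нельзя определить, какое действие относится к каждому файлу (создание, запуск или удаление). Некоторые пути повторяются, вероятно, потому что относились к разным разделам. Символы «#» в адресах и доменном имени, по-видимому, скрывают часть значения.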
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{PH62M042-1VR0-5845-RT18-PH77K5O6K0VA}] 'StubPath' = 'c:\directory\CyberGate\install\server.exe Restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = ''
- '%TEMP%\fichier.exe'
- '<SYSTEM32>\conhost.exe'
- %WINDIR%\Explorer.EXE
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %TEMP%\FFPXOMEV8
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80070422_76a4385aa7fdcd3dc476f7ea51e8ea5565f02fd_044524fd\Report.wer
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- %TEMP%\FFPXOMEV7
- C:\directory\CyberGate\install\server.exe
- %TEMP%\fichier.exe
- %APPDATA%\Roaming\3ACF1CC3\ak.tmp
- %TEMP%\FFPXOMEV2.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %TEMP%\FFPXOMEV8
- %TEMP%\FFPXOMEV2.txt
- %TEMP%\FFPXOMEV7
- '20#.#6.232.182':80
- 'localhost':81
- DNS ASK wa####.microsoft.com
- '22#.0.0.252':5355