Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '78c3f41e66e57697cb0f063c5b808ae6' = '"%TEMP%\CCleaner.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '78c3f41e66e57697cb0f063c5b808ae6' = '"%TEMP%\CCleaner.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\CCleaner.exe" "CCleaner.exe" ENABLE
- %TEMP%\ccleaner.exe
- 'ea#####htane.ddns.net':1177
- DNS ASK ea#####htane.ddns.net
- '%TEMP%\ccleaner.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\CCleaner.exe" "CCleaner.exe" ENABLE' (with hidden window)