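Техническая информация
Список ниже приведён без заголовков разделов. По виду строк в нём идут подряд: запись автозапуска в реестре, командная строка, пути к файлам, сетевые узлы (порт 80) и адреса ресурсов на них, DNS-запросы, классы окон. Для путей к файлам не указано, создаётся файл, запускается или удаляется. Символы «#» в именах узлов — часть исходного текста.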
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cleancert' = '%PROGRAM_FILES%\cleancert\cleancert.exe' (запись автозапуска: cleancert.exe стартует при входе этого пользователя в систему)
- <SYSTEM32>\cmd.exe /c C:\$$wefddweffgfhfddsdf35322098.bat (cmd.exe выполняет командный файл из корня диска C: и завершается)
- %PROGRAM_FILES%\cleancert\cleancert.exe
- C:\$$wefddweffgfhfddsdf35322098.bat
- %TEMP%\00000B2000400000.bin
- %PROGRAM_FILES%\cleancert\ccrtwcher.exe
- %PROGRAM_FILES%\cleancert\ccrthk.dll
- %PROGRAM_FILES%\cleancert\ccrtupdater.exe
- %CommonProgramFiles%\cleancert\ccrtuninst.exe
- %TEMP%\00000B2000400000.bin
- 'cl###cert.co.kr':80
- 'do##.##eancert.co.kr':80
- do##.##eancert.co.kr/ccrtwcher.exe
- do##.##eancert.co.kr/cleancert.exe
- cl###cert.co.kr/app_linkage/app_install.php?ad##############################
- do##.##eancert.co.kr/ccrtuninst.exe
- do##.##eancert.co.kr/update.php
- do##.##eancert.co.kr/ccrthk.dll
- do##.##eancert.co.kr/ccrtupdater.exe
- DNS ASK cl###cert.co.kr
- DNS ASK do##.##eancert.co.kr
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Indicator' WindowName: ''