Technical information
- [<HKLM>\Software\Classes\Inkfile\shell\open\command] '' = 'WScript.exe "%WINDIR%\inf\ggqfqksrh.ebspi" "%1"'
- [<HKLM>\Software\Classes\qcfile\shell\open\command] '' = 'WScript.exe "%WINDIR%\inf\ggqfqksrh.ebspi" "%1"'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' http://www.54##0.com/9
- %WINDIR%\inf\read.txt
- %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.ink
- C:\about blank.htm
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- C:\about blank.htm
- http://www.54##0.com/9
- http://cr#.#ectigo.com/SectigoRSADomainValidationSecureServerCA.crt
- http://oc##.#ectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECECT%2BnelqlX%2F6wr7XKHvSoUo%3D
- DNS ASK 54##0.com
- DNS ASK cr#.#ectigo.com
- DNS ASK oc##.#ectigo.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''