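Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились. Судя по самим записям, ключи Run и параметр 'Start' = '00000002' (автоматический запуск службы) относятся к закреплению в системе; далее следуют пути к файлам, сетевые обращения (порт 80, URL, DNS-запрос) и имена классов окон. Какие операции выполнялись над перечисленными файлами (создание, запуск, удаление), по списку установить нельзя; повторяющиеся пути, вероятно, относятся к разным утраченным разделам. Символы #### в имени домена, по-видимому, являются маскировкой, сделанной в источнике.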
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wnddown' = '%WINDIR%\wnddown.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xeengine' = '"%PROGRAM_FILES%\xeengine\xeengine_m.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Security Service Controller] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\xeengine service] 'Start' = '00000002'
- '%PROGRAM_FILES%\xeengine\xeengine_d.exe'
- '%PROGRAM_FILES%\xeengine\xeengine_i.exe'
- %WINDIR%\dot_auction.ico
- %WINDIR%\dot_11st.ico
- %PROGRAM_FILES%\xeengine\xeengine_s.exe
- %WINDIR%\dot_gmarket.ico
- %WINDIR%\winsecurity.exe
- %WINDIR%\webclient.dll
- %WINDIR%\wnddown.exe
- <SYSTEM32>\msvcr110.dll
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %PROGRAM_FILES%\xeengine\xeengine_i.exe
- %PROGRAM_FILES%\xeengine\xeengine_d.exe
- %PROGRAM_FILES%\xeengine\xeengine_m.exe
- %PROGRAM_FILES%\xeengine\xeengine_u.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- 'www.se####click.co.kr':80
- www.se####click.co.kr/app/demonConfigUrl
- www.se####click.co.kr/app/appModule
- DNS ASK www.se####click.co.kr
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'