Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Virus119' = '%PROGRAM_FILES%\Virus119.co.kr\Virus119Dmn.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\showpopup[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\settle[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\specialcut[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\updaterVersion[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\use[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\use[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\version[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\use[1]
- 'vi###119.co.kr':80
- 'up####.virus119.co.kr':80
- up####.virus119.co.kr/version/showpopup
- vi###119.co.kr/settle.php?st############################
- up####.virus119.co.kr/version/specialcut
- up####.virus119.co.kr/version/use
- up####.virus119.co.kr/version/version
- up####.virus119.co.kr/version/updaterVersion
- DNS ASK vi###119.co.kr
- DNS ASK up####.virus119.co.kr
- ClassName: 'virus119_controller' WindowName: 'virus119_controller'