Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KoreaMessenger' = '%PROGRAM_FILES%\KoreaMessenger\6802.exe'
- '%PROGRAM_FILES%\KoreaMessenger\6802.exe'
- %WINDIR%\a737cf58407.lg
- %WINDIR%\Uninst_Korea.exe
- %PROGRAM_FILES%\KoreaMessenger\6802.exe
- 'co####.#oreamessenger.com':80
- 'www.na##r.com':80
- 'lo#.###eamessenger.com':80
- lo#.###eamessenger.com/log-bin/alive.php?ov#############
- co####.#oreamessenger.com/koreamessenger/koreamessenger.php?ov#############
- co####.#oreamessenger.com/koreamessenger/url_info_xml.php
- lo#.###eamessenger.com/log-bin/statics.php?ma#########################################################
- www.na##r.com/
- lo#.###eamessenger.com/log-bin/statics.php?ma###################################################################
- DNS ASK co####.#oreamessenger.com
- DNS ASK www.na##r.com
- DNS ASK lo#.###eamessenger.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'