Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svc' = '%TEMP%\247ad.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\windows.exe
- '%TEMP%\247ad.exe'
- '%TEMP%\1f046.tmp'
- %TEMP%\GoC1.tmp
- %WINDIR%\.log
- %TEMP%\1f046.tmp
- %TEMP%\247ad.exe
- 'go#####.gobest.co.kr':80
- 'er#######alkkcd0tkdgfkore.xyz':80
- 'localhost':1041
- 'ae###########.retrthvbc5678670hgfohhf0htrht.xyz':52328
- 'www.go##st.kr':80
- http://go#####.gobest.co.kr/g-ad-bottom3.php
- http://11#.#11.111.4/data/ver1.txt via er#######alkkcd0tkdgfkore.xyz
- http://www.go##st.kr/goclean/upversion2.dat
- http://go#####.gobest.co.kr/g-ad-top3.php
- DNS ASK go#####.gobest.co.kr
- DNS ASK er#######alkkcd0tkdgfkore.xyz
- DNS ASK ae###########.retrthvbc5678670hgfohhf0htrht.xyz
- DNS ASK www.go##st.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''