Техническая информация
- %WINDIR%\wincyber.exe (загружен из сети Интернет)
- %WINDIR%\wincyber.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\wincyber[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\@@@CmHin[1]
- 'go.##galive.kr':80
- 'qk#####.dothome.co.kr':80
- 'localhost':1038
- 'cy##t.co.kr':80
- 'su######server.sosiz.com':80
- go.##galive.kr/d/@@@CmHin
- cy##t.co.kr/Today/wincyber.exe
- qk#####.dothome.co.kr/Cyhit/ver.txt
- cy##t.co.kr/bbs/board.php?bo##########
- cy##t.co.kr/bbs/board.php?bo#############
- su######server.sosiz.com/Cyhit/notice.txt
- DNS ASK go.##galive.kr
- DNS ASK qk#####.dothome.co.kr
- DNS ASK cy##t.co.kr
- DNS ASK su######server.sosiz.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''