Technical Information
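Registry values modified (EnableFirewall = 0 turns Windows Firewall off for the standard profile; DoNotAllowExceptions = 0 leaves firewall exceptions permitted):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'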
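Commands executed (both use the legacy netsh firewall context to disable Windows Firewall, once directly and once through cmd.exe):
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\cmd.exe' /c netsh firewall set opmode disable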
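Files touched under %TEMP% (the report's sub-headings are missing from this copy, so it does not say which entries were created and which were deleted; the three .txt paths are listed twice):
- %TEMP%\EGUNG\E_USERNAME2.png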
- %TEMP%\EGUNG\E_USERNAME1.png
- %TEMP%\120161222001202.txt
- %TEMP%\320161222001205.txt
- %TEMP%\220161222001205.txt
- %TEMP%\EGUNG\E_PASSWORD2.png
- %TEMP%\EGUNG\E_TITLE.png
- %TEMP%\EGUNG\E_LINE.png
- %TEMP%\EGUNG\E_LOGIN1.png
- %TEMP%\EGUNG\E_PASSWORD1.png
- %TEMP%\EGUNG\E_LOGIN2.png
- %TEMP%\320161222001205.txt
- %TEMP%\220161222001205.txt
- %TEMP%\120161222001202.txt
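Network activity (the hostname is partly masked with '#' in the report): a connection to port 80, HTTP URLs on that host, and a DNS query for the same name:
- 'ss####.dothome.co.kr':80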
- http://ss####.dothome.co.kr/SuddenAttack/USB/Text2.txt
- http://ss####.dothome.co.kr/SuddenAttack/USB/Text1.txt
- http://ss####.dothome.co.kr/SuddenAttack/USB/Server.txt
- DNS ASK ss####.dothome.co.kr
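Window class name / window title pairs listed by the report (the 'AutoHotkey' class suggests, but the report does not state, that the sample is an AutoHotkey script):
- ClassName: 'Shell_TrayWnd' WindowName: ''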
- ClassName: '#32771' WindowName: ''
- ClassName: 'AutoHotkey' WindowName: '<Full path to file>'