Technical Information
- <Current directory>\update.exe <Virus name>
- <Current directory>\update.exe (downloaded from the Internet)
- <Current directory>\update.exe
- %TEMP%\~DF54E9.tmp
- 'bl##.naver.com':80
- 'st####lab.aju33.com':80
- 'localhost':1036
- st####lab.aju33.com/aeos/update.exe
- st####lab.aju33.com/aeos/ver.txt
- DNS ASK bl##.naver.com
- DNS ASK st####lab.aju33.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''