Technical Information
Malicious functions
Creates and executes the following
- '%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --type=gpu-process --channel="168.0.728864692\1736291937" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-vendor --gpu...
- '%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --type=renderer --enable-deferred-image-decoding --lang=ru --force-fieldtrials="BackgroundRendererProcesses/Disallow/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePo...
- '%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --type=renderer --enable-deferred-image-decoding --lang=ru --force-fieldtrials="BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptiveP...
- '%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --type=renderer --enable-deferred-image-decoding --lang=ru --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/Captive...
Injects code into
the following user processes:
- chrome.exe
Modifies file system
Creates the following files
- %TEMP%\e9ac.tmp
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\sv\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\sr\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\sl\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\sk\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\ru\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\ro\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\pt_pt\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\th\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\pt_br\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\nl\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\nb\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\lv\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\lt\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\ko\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\ja\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\it\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\pl\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\tr\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\uk\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\vi\messages.json
- %TEMP%\scoped_dir_168_21992\decoded_images
- %TEMP%\scoped_dir_168_21992\crx_install\_metadata\verified_contents.json
- %TEMP%\scoped_dir_168_21992\crx_install\manifest.json
- %TEMP%\scoped_dir_168_21992\crx_install\images\topbar_floating_button_pressed.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\topbar_floating_button_maximize.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\topbar_floating_button_hover.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\topbar_floating_button_close.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\topbar_floating_button.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\icon_16.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\icon_128.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\flapper.gif
- %TEMP%\scoped_dir_168_21992\crx_install\html\craw_window.html
- %TEMP%\scoped_dir_168_21992\crx_install\css\craw_window.css
- %TEMP%\scoped_dir_168_21992\crx_install\craw_window.js
- %TEMP%\scoped_dir_168_21992\crx_install\craw_background.js
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\zh_tw\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\zh_cn\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\id\messages.json
- %TEMP%\scoped_dir_168_21992\decoded_message_catalogs
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\hu\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\hi\messages.json
- %TEMP%\scoped_dir_168_23805\crx_install\_platform_specific\x86-64_ru\hotword.data
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_ru.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_pt-br.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_ko.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_ja.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_it.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\_platform_specific\x86-64_ru\hotword-x86-64.nexe
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_fr.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_en-gb.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_en-au.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_de.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\manifest.json
- %TEMP%\ef2c.tmp
- %TEMP%\scoped_dir_168_23805\e9ac.tmp
- %TEMP%\eeed.tmp
- %TEMP%\scoped_dir_168_23805\crx_install\hotword_es.nmf
- %TEMP%\scoped_dir_168_23805\crx_install\audio\chime.wav
- %TEMP%\scoped_dir_168_23805\crx_install\_metadata\verified_contents.json
- %TEMP%\scoped_dir_168_23805\decoded_images
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\fr\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\fil\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\fi\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\et\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\es_419\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\es\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\en_gb\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\en\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\el\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\de\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\da\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\cs\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\ca\messages.json
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\bg\messages.json
- %TEMP%\scoped_dir_168_21992\ef2c.tmp
- %TEMP%\f44e.tmp
- %TEMP%\scoped_dir_168_23805\decoded_message_catalogs
- %TEMP%\scoped_dir_168_21992\crx_install\_locales\hr\messages.json
- %TEMP%\etilqs_wjj3pxmnfbzecuk
Deletes the following files
- %TEMP%\eeed.tmp
- %TEMP%\scoped_dir_168_23805\decoded_images
- %TEMP%\scoped_dir_168_23805\decoded_message_catalogs
- %TEMP%\scoped_dir_168_23805\e9ac.tmp
- %TEMP%\e9ac.tmp
- %TEMP%\f44e.tmp
- %TEMP%\scoped_dir_168_21992\crx_install\images\icon_128.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\icon_16.png
- %TEMP%\scoped_dir_168_21992\decoded_images
- %TEMP%\scoped_dir_168_21992\decoded_message_catalogs
- %TEMP%\scoped_dir_168_21992\ef2c.tmp
- %TEMP%\ef2c.tmp
Substitutes the following files
- %TEMP%\scoped_dir_168_21992\crx_install\images\icon_128.png
- %TEMP%\scoped_dir_168_21992\crx_install\images\icon_16.png
Network activity
TCP
HTTP GET requests
- http://www.gs##tic.com/chrome/profile_avatars/NothingToDownload
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_footSns1.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_footSns3.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_footSns2.png
- http://st#####.e-himart.co.kr/resources/layout/images/common/new_footLogo.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark0.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark2.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark3.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark4.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark5.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark6.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark7.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/icon/footMark8.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/temp/memMall.jpg
- http://st#####.e-himart.co.kr/resources/layout/images/common/headerSelect.png
- http://st#####.e-himart.co.kr/resources/layout/images/common/ico_search.png
- http://st#####.e-himart.co.kr/contents/goods/00/02/87/14/53/0002871453__AS9413__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/604/imageBanner_1580887919631.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/06/24/67/29/0006246729__243V7Q_H__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/03/25/87/69/0003258769__NA__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393745298.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393975471.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393935000.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393823006.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569394065473.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569394098854.png
- http://st#####.e-himart.co.kr/contents/goods/00/00/02/29/20/0000022920__RT62K7045SL__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/03/93/18/63/0003931863__RQ33R743232__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/00/95/43/92/0000954392__DH10433RX0__M_300_300.jpg
- http://www.e-###art.co.kr/resources/domain/common/deeppro-collect.min.js?15###########
- http://st#####.e-himart.co.kr/contents/goods/00/06/00/54/64/0006005464__NZ63R5340MK__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/01/61/07/30/0001610730__AX60R5580WBD__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/05/40/15/20/0005401520__SM-R820.830__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/06/29/66/42/0006296642__LW15WRF__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/03/82/77/07/0003827707__SM-F907NZKAKOO__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/01/54/28/43/0001542843__MW31085_10972582_1__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_detail.png
- http://st#####.e-himart.co.kr/contents/goods/00/04/93/39/35/0004933935__APRM833-JWK__M_93_93.jpg
- http://www.e-###art.co.kr/resources/layout/js/wiselog/seetoc.js?20####
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_service_2.png
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_service_3.png
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_service_4.png
- http://st#####.e-himart.co.kr/resources/layout/images/bg/bannerFrameBottom.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/stars_bg.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/stars_state.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/arr_link.png
- http://tr#####g.icomas.co.kr/Script/script3.php?ai###############################################################################################################################################...
- http://www.e-###art.co.kr/app/display/showDisplayShop?fr############################################
- http://st#####.e-himart.co.kr/contents/goods/00/00/80/18/46/0000801846__F14SQT.AKOR__M_93_93.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/04/79/16/17/0004791617__MWP22KHA__M_93_93.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/04/70/12/89/0004701289__S340-15-RYZEN5-DOS__M_93_93.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/02/69/29/44/0002692944__CRF-SN570BDC__M_93_93.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/04/13/72/26/0004137226__MW742KHA__M_93_93.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/02/17/06/72/0002170672__HCA-C06JW__M_93_93.jpg
- http://www.e-###art.co.kr/app/display/skyScraper/Ajax?_=#############
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569568726499.png
- http://st#####.e-himart.co.kr/resources/layout/images/bg/bannerFrameTop.png
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_service_1.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_footLink2.gif
- http://www.e-###art.co.kr/resources/layout/images/bg/blackDim40.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_bigNext2.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_bigPrev2.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_round_prev.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/btn_round_next.png
- http://ru#.##usable.net/script/b170928e193251u867/2cef30636c
- http://we####.e-himart.co.kr/wlo/Logging?dv######################################################################################################################################################...
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_special_1.png
- http://st#####.e-himart.co.kr/contents/content/upload/display/2044/ico_special_2.png?ve##########
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_special_3.png
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_special_4.png
- http://st#####.e-himart.co.kr/contents/content/upload/display/887/ico_special_5.png
- http://www.e-###art.co.kr/resources/layout/images/btn/btn_link_arr03.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/ico_play_video2.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/ico_allMenu.png
- http://st#####.e-himart.co.kr/resources/layout/images/icon/gnbNew.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393518568.png
- http://st#####.e-himart.co.kr/resources/layout/css/layout.css?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/layerPop.js?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/respond.js
- http://st#####.e-himart.co.kr/resources/layout/js/validator.js?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/handlebars.runtime-v3.0.3.js
- http://st#####.e-himart.co.kr/resources/domain/main/main.js?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/jquery.cookie.js
- http://st#####.e-himart.co.kr/resources/domain/common/message_hm.js
- http://st#####.e-himart.co.kr/resources/domain/common/netfunnel.js
- http://st#####.e-himart.co.kr/resources/domain/common/ssoMember.js
- http://st#####.e-himart.co.kr/resources/domain/display/display.common.js?ve##############
- http://st#####.e-himart.co.kr/resources/video/js/video.js?ve##############
- http://st#####.e-himart.co.kr/resources/search/js/ark.js
- http://st#####.e-himart.co.kr/resources/layout/js/wiselog/wl6.js
- http://st####.criteo.net/js/ld/ld.js
- http://st#####.e-himart.co.kr/resources/search/js/search.header.js?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/display.js?ve##############
- http://st#####.e-himart.co.kr/resources/domain/common/inflowChannel.js
- http://st#####.e-himart.co.kr/resources/layout/js/jquery.easing.1.3.js
- http://st#####.e-himart.co.kr/resources/layout/css/main.css?ve##############
- http://op##.#codec.co.kr/v5/load_wait.asp?ve#####################################################################################################################################################...
- http://re####ctor.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZDg2QUFVUUNkZlVTT0NHM2tJS2JpQnlWUQ/0.3.0.2_lccekmodgklaepjeofjdjpbminllajkg.crx
- http://r1######5hne6n7s.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZDg2QUFVUUNkZlVTT0NHM2tJS2JpQnlWUQ/0.3.0.2_lccekmodgklaepjeofjdjpbminllajkg.crx?cm########################...
- http://re####ctor.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZjAxQUFXVHlhaFhwNHJ6dDVCakV0NUEyQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
- http://r1######5hnekn7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZjAxQUFXVHlhaFhwNHJ6dDVCakV0NUEyQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cm########################...
- http://op##.#codec.co.kr/favicon.ico
- http://cl.###lick.co.kr/KeywordClickLog_EC.asp?NC################################################################################################################################################...
- http://cl.###lick.co.kr/Referer.asp?re###########################################################################################################################################################...
- http://mp.##nneo.com/setCookie.asp?kw######################################
- http://st#####.e-himart.co.kr/resources/layout/css/jquery-ui.min.css
- http://st#####.e-himart.co.kr/resources/layout/css/display.css?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/jquery.form.min.js
- http://st#####.e-himart.co.kr/resources/video/css/video-js.css?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/jquery-ui.js
- http://st#####.e-himart.co.kr/resources/layout/css/common.css?ve##############
- http://st#####.e-himart.co.kr/resources/layout/js/jquery-1.11.2.min.js
- http://st#####.e-himart.co.kr/resources/domain/display/display.unitExchange.js
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393399427.png
- http://st#####.e-himart.co.kr/resources/domain/common/deeppro-collect.init.js
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/2042/imageBanner_1580956604080.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/2043/imageBanner_1580968278777.jpg
- http://www.e-###art.co.kr/resources/layout/images/tit/todayTitle.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1980/imageBanner_1580891740027.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1980/imageBanner_1577753781246.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1980/imageBanner_1577752283528.jpg
- http://www.e-###art.co.kr/resources/layout/images/btn/layerClose.gif
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1980/imageBanner_1580890758607.jpg
- http://www.e-###art.co.kr/resources/layout/images/bg/bg_blankImg.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1980/imageBanner_1580791109434.jpg
- http://www.e-###art.co.kr/resources/layout/images/btn/bul_notice_better.png
- http://st#####.e-himart.co.kr/contents/goods/00/04/79/35/04/0004793504__AS300DWFA.AKOR__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/goods/00/06/11/56/76/0006115676__DWA-19C1P__M_300_300.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393240829.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569393328859.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/2042/imageBanner_1580956566828.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/1981/imageBanner_1569567500320.png
- http://www.e-###art.co.kr/resources/layout/images/btn/arrNextShadow.png
- http://st#####.e-himart.co.kr/resources/layout/js/jquery.json.min.js
- http://st#####.e-himart.co.kr/resources/layout/js/wiselog/siteoverlay.js
- http://www.e-###art.co.kr/resources/layout/images/btn/btn_top_close.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/layerClose.gif
- http://st#####.e-himart.co.kr/resources/layout/images/common/new_logo.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/884/imageBanner_1569396004036.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/202/imageBanner_1569395741656.png
- http://st#####.e-himart.co.kr/resources/layout/images/btn/arrTopBanner.png
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/851/imageBanner_1579676021475.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/851/imageBanner_1569911904413.jpg
- http://st#####.e-himart.co.kr/contents/content/display/cornerContents/imageBanner/851/imageBanner_1569563727385.jpg
- http://www.e-###art.co.kr/resources/layout/images/btn/arrPrevShadow.png
- http://st#####.e-himart.co.kr/resources/layout/js/conversion.js
- http://st#####.e-himart.co.kr/resources/layout/js/validator.js
- http://st#####.e-himart.co.kr/resources/layout/js/wiselog/install.js
- http://wc#.#aver.net/wcslog.js
- http://st#####.e-himart.co.kr/resources/layout/css/base.css?ve##############
- http://st#####.e-himart.co.kr/contents/goods/00/01/02/57/40/0001025740__UHD55L.__M_93_93.jpg
HTTP POST requests
- http://an####ics.lotte.com/save2
- http://www.e-###art.co.kr/app/display/searchInduceAjax
- http://www.e-###art.co.kr/app/common/commonInfoAjax?fr##################################################################
- http://www.e-###art.co.kr/app/mywish/findOneWishCount/ajax
- http://www.e-###art.co.kr/app/common/cartListCntAjax
- http://www.e-###art.co.kr/app/display/popwordAjax
- http://www.e-###art.co.kr/app/common/myEstimateFixCntAjax
- http://www.e-###art.co.kr/app/display/themeSet/Ajax
- http://www.e-###art.co.kr/app/display/getAlidoGoodsListAjax
- http://www.e-###art.co.kr/app/common/getStorePolcBaseAjax
UDP
- DNS ASK clients2.google.com
- DNS ASK an####ics.lotte.com
- DNS ASK wc#.#aver.net
- DNS ASK st###.#.doubleclick.net
- DNS ASK ap#.#iveicon.kr
- DNS ASK se####.e-himart.co.kr
- DNS ASK go#####analytics.com
- DNS ASK st####.criteo.net
- DNS ASK we####.e-himart.co.kr
- DNS ASK hi###.himart.co.kr
- DNS ASK of####.easypay.co.kr
- DNS ASK wi####.as.criteo.com
- DNS ASK go######s.g.doubleclick.net
- DNS ASK wc#.#aver.com
- DNS ASK ss#####et.criteo.com
- DNS ASK ru#.##usable.net
- DNS ASK me####s.lpoint.com
- DNS ASK st#####.e-himart.co.kr
- DNS ASK go#####agmanager.com
- DNS ASK google.com
- DNS ASK go##le.ru
- DNS ASK go###eapis.com
- DNS ASK op##.#codec.co.kr
- DNS ASK tr######e.googleapis.com
- DNS ASK gs##tic.com
- DNS ASK clients4.google.com
- DNS ASK clients3.google.com
- DNS ASK r1######5hne6n7s.gvt1.com
- DNS ASK r1######5hnekn7z.gvt1.com
- DNS ASK cl.###lick.co.kr
- DNS ASK mp.##nneo.com
- DNS ASK e-###art.co.kr
- DNS ASK tr#####g.icomas.co.kr
- DNS ASK re####ctor.gvt1.com
- DNS ASK tw##ter.com
- 'google.com':443
Miscellaneous
Searches for the following windows
- ClassName: 'Chrome_MessageWindow' WindowName: '%LOCALAPPDATA%\Google\Chrome\User Data'
