Technical Information
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\dc71ef0f.exe
- <SYSTEM32>\77cfcedf.exe
- <SYSTEM32>\fe71c3f1.exe
- <SYSTEM32>\a3833a7f.exe
- <SYSTEM32>\f7ef11ff.exe
- <SYSTEM32>\03e35e55.exe
- <SYSTEM32>\61f83fef.exe
- <SYSTEM32>\deec76d7.exe
- <SYSTEM32>\cee7d677.exe
- <SYSTEM32>\383fd3de.exe
- <SYSTEM32>\f8e7fe8d.exe
- <SYSTEM32>\7dffa683.exe
- <SYSTEM32>\7d67d06d.exe
- <SYSTEM32>\7ac60e7e.exe
- <SYSTEM32>\68e85ced.exe
- <SYSTEM32>\6668e7ee.exe
- <SYSTEM32>\d3ef3e6e.exe
- <SYSTEM32>\C1Cad01c.exe
- <SYSTEM32>\33d31C06.exe
- <SYSTEM32>\Ce783ed8.exe
- <SYSTEM32>\531c703c.exe
- <SYSTEM32>\fc37fee8.exe
- <SYSTEM32>\ec80fe7f.exe
- <SYSTEM32>\ff763df6.exe
- <SYSTEM32>\ed57dce7.exe
- <SYSTEM32>\30737Ce3.exe
- <SYSTEM32>\533c7668.exe
- <SYSTEM32>\dc77aC70.exe
- <SYSTEM32>\f6c87aa7.exe
- <SYSTEM32>\c8fffd50.exe
- <SYSTEM32>\1de3fa1d.exe
- <SYSTEM32>\5feef1ec.exe
- <SYSTEM32>\a5d77d73.exe
- <SYSTEM32>\7e7cd873.exe
- <SYSTEM32>\a8deecaf.exe
- <SYSTEM32>\8f3e8317.exe
- <SYSTEM32>\67f3df7d.exe
- <SYSTEM32>\C83de31e.exe
- <SYSTEM32>\ee6d1fac.exe
- <SYSTEM32>\Cd00d65e.exe
- <SYSTEM32>\5adedf7a.exe
- <SYSTEM32>\36e0f0de.exe
- <SYSTEM32>\cd8313ec.exe
- <SYSTEM32>\3e6efee6.exe
- <Current directory>\H.exe
- <SYSTEM32>\ead8f1ee.exe
- <Current directory>\RF.exe
- <Current directory>\Server.exe
- <SYSTEM32>\7e7d6767.exe
- <SYSTEM32>\7ffCdaec.exe
- <SYSTEM32>\1e037f6e.exe
- <SYSTEM32>\6e58dcd3.exe
- <SYSTEM32>\6f7Ce7ec.exe
- <SYSTEM32>\c66f7673.exe
- <SYSTEM32>\53ad8de0.exe
- <SYSTEM32>\57daa071.exe
- <SYSTEM32>\683e85e7.exe
- <SYSTEM32>\c78dd637.exe
- <SYSTEM32>\cc73333a.exe
- <SYSTEM32>\cdd0e5ed.exe
- <SYSTEM32>\c781ddda.exe
- <SYSTEM32>\61773C60.exe
- <SYSTEM32>\C0878f7d.exe
- <SYSTEM32>\7dcCC7e3.exe
- <SYSTEM32>\6f7eCea6.exe
- <SYSTEM32>\e3efe5f5.exe
- <SYSTEM32>\dcfcccc3.exe
- <SYSTEM32>\11e8d608.exe
- <SYSTEM32>\fcf33ce7.exe
- <SYSTEM32>\dff0c8Cd.exe
Modifies file system :
Creates the following files:
- %TEMP%\nss5A.tmp\System.dll
- <SYSTEM32>\7ac60e7e.exe
- <SYSTEM32>\cee7d677.exe
- <SYSTEM32>\68e85ced.exe
- <SYSTEM32>\6668e7ee.exe
- %TEMP%\nss56.tmp\System.dll
- <SYSTEM32>\d3ef3e6e.exe
- %TEMP%\nsz58.tmp\System.dll
- %TEMP%\nsh62.tmp\System.dll
- <SYSTEM32>\a3833a7f.exe
- <SYSTEM32>\77cfcedf.exe
- <SYSTEM32>\dc71ef0f.exe
- %TEMP%\nsp5E.tmp\System.dll
- %TEMP%\nsa5C.tmp\System.dll
- %TEMP%\nsv60.tmp\System.dll
- <SYSTEM32>\fe71c3f1.exe
- <SYSTEM32>\c781ddda.exe
- %TEMP%\nsl4C.tmp\System.dll
- %TEMP%\nsc4E.tmp\System.dll
- <SYSTEM32>\c78dd637.exe
- <SYSTEM32>\53ad8de0.exe
- %TEMP%\nsj48.tmp\System.dll
- <SYSTEM32>\cdd0e5ed.exe
- %TEMP%\nsk4A.tmp\System.dll
- <SYSTEM32>\383fd3de.exe
- <SYSTEM32>\7d67d06d.exe
- <SYSTEM32>\f8e7fe8d.exe
- %TEMP%\nsq54.tmp\System.dll
- %TEMP%\nsh50.tmp\System.dll
- <SYSTEM32>\cc73333a.exe
- <SYSTEM32>\7dffa683.exe
- %TEMP%\nse52.tmp\System.dll
- <SYSTEM32>\a5d77d73.exe
- <SYSTEM32>\5feef1ec.exe
- <SYSTEM32>\531c703c.exe
- <SYSTEM32>\533c7668.exe
- <SYSTEM32>\7e7cd873.exe
- <SYSTEM32>\f6c87aa7.exe
- %TEMP%\nsx74.tmp\System.dll
- <SYSTEM32>\a8deecaf.exe
- <SYSTEM32>\ec80fe7f.exe
- <SYSTEM32>\30737Ce3.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- <SYSTEM32>\ff763df6.exe
- <SYSTEM32>\33d31C06.exe
- <SYSTEM32>\fc37fee8.exe
- <SYSTEM32>\ed57dce7.exe
- <SYSTEM32>\Ce783ed8.exe
- %TEMP%\nsk68.tmp\System.dll
- %TEMP%\nsq66.tmp\System.dll
- %TEMP%\nso6A.tmp\System.dll
- <SYSTEM32>\03e35e55.exe
- <SYSTEM32>\deec76d7.exe
- <SYSTEM32>\61f83fef.exe
- <SYSTEM32>\f7ef11ff.exe
- %TEMP%\nsb64.tmp\System.dll
- <SYSTEM32>\1de3fa1d.exe
- %TEMP%\nsa70.tmp\System.dll
- <SYSTEM32>\dc77aC70.exe
- %TEMP%\nsa72.tmp\System.dll
- %TEMP%\nsj6E.tmp\System.dll
- %TEMP%\nsj6C.tmp\System.dll
- <SYSTEM32>\c8fffd50.exe
- <SYSTEM32>\C1Cad01c.exe
- <SYSTEM32>\c66f7673.exe
- %TEMP%\nsp1E.tmp\System.dll
- %TEMP%\nsa1C.tmp\System.dll
- %TEMP%\nsl20.tmp\System.dll
- <SYSTEM32>\7ffCdaec.exe
- <SYSTEM32>\6e58dcd3.exe
- %TEMP%\nsc18.tmp\System.dll
- <SYSTEM32>\7e7d6767.exe
- %TEMP%\nsc1A.tmp\System.dll
- <SYSTEM32>\ee6d1fac.exe
- %TEMP%\nsf26.tmp\System.dll
- <SYSTEM32>\8f3e8317.exe
- %TEMP%\nse28.tmp\System.dll
- %TEMP%\nsq22.tmp\System.dll
- <SYSTEM32>\3e6efee6.exe
- %TEMP%\nsg24.tmp\System.dll
- <SYSTEM32>\C83de31e.exe
- <Current directory>\H.exe
- %TEMP%\nsx8.tmp\System.dll
- %TEMP%\nsm6.tmp\System.dll
- <Current directory>\RF.exe
- %TEMP%\nsv2.tmp\System.dll
- %TEMP%\nsi4.tmp\System.dll
- <Current directory>\Server.exe
- <SYSTEM32>\1e037f6e.exe
- %TEMP%\nss12.tmp\System.dll
- %TEMP%\nse16.tmp\System.dll
- %TEMP%\nsl14.tmp\System.dll
- %TEMP%\nseC.tmp\System.dll
- %TEMP%\nsfA.tmp\System.dll
- %TEMP%\nshE.tmp\System.dll
- <SYSTEM32>\ead8f1ee.exe
- %TEMP%\nsy3E.tmp\System.dll
- <SYSTEM32>\fcf33ce7.exe
- <SYSTEM32>\dcfcccc3.exe
- <SYSTEM32>\dff0c8Cd.exe
- <SYSTEM32>\C0878f7d.exe
- %TEMP%\nsl3A.tmp\System.dll
- <SYSTEM32>\7dcCC7e3.exe
- %TEMP%\nsu3C.tmp\System.dll
- %TEMP%\nsl46.tmp\System.dll
- <SYSTEM32>\61773C60.exe
- <SYSTEM32>\683e85e7.exe
- <SYSTEM32>\57daa071.exe
- %TEMP%\nsc42.tmp\System.dll
- %TEMP%\nsy40.tmp\System.dll
- %TEMP%\nst44.tmp\System.dll
- <SYSTEM32>\11e8d608.exe
- %TEMP%\nsq30.tmp\System.dll
- %TEMP%\nsh2E.tmp\System.dll
- %TEMP%\nsv32.tmp\System.dll
- <SYSTEM32>\cd8313ec.exe
- %TEMP%\nso2A.tmp\System.dll
- <SYSTEM32>\67f3df7d.exe
- %TEMP%\nst2C.tmp\System.dll
- <SYSTEM32>\36e0f0de.exe
- <SYSTEM32>\6f7eCea6.exe
- %TEMP%\nsx36.tmp\System.dll
- <SYSTEM32>\e3efe5f5.exe
- %TEMP%\nst38.tmp\System.dll
- <SYSTEM32>\5adedf7a.exe
- <SYSTEM32>\Cd00d65e.exe
- <SYSTEM32>\6f7Ce7ec.exe
- %TEMP%\nsc34.tmp\System.dll
Sets the 'hidden' attribute to the following files:
- <SYSTEM32>\dc71ef0f.exe
- <SYSTEM32>\77cfcedf.exe
- <SYSTEM32>\fe71c3f1.exe
- <SYSTEM32>\a3833a7f.exe
- <SYSTEM32>\f7ef11ff.exe
- <SYSTEM32>\03e35e55.exe
- <SYSTEM32>\61f83fef.exe
- <SYSTEM32>\deec76d7.exe
- <SYSTEM32>\cee7d677.exe
- <SYSTEM32>\383fd3de.exe
- <SYSTEM32>\f8e7fe8d.exe
- <SYSTEM32>\7dffa683.exe
- <SYSTEM32>\7d67d06d.exe
- <SYSTEM32>\7ac60e7e.exe
- <SYSTEM32>\68e85ced.exe
- <SYSTEM32>\6668e7ee.exe
- <SYSTEM32>\d3ef3e6e.exe
- <SYSTEM32>\C1Cad01c.exe
- <SYSTEM32>\33d31C06.exe
- <SYSTEM32>\Ce783ed8.exe
- <SYSTEM32>\531c703c.exe
- <SYSTEM32>\fc37fee8.exe
- <SYSTEM32>\ec80fe7f.exe
- <SYSTEM32>\ff763df6.exe
- <SYSTEM32>\ed57dce7.exe
- <SYSTEM32>\30737Ce3.exe
- <SYSTEM32>\533c7668.exe
- <SYSTEM32>\dc77aC70.exe
- <SYSTEM32>\f6c87aa7.exe
- <SYSTEM32>\c8fffd50.exe
- <SYSTEM32>\1de3fa1d.exe
- <SYSTEM32>\5feef1ec.exe
- <SYSTEM32>\a5d77d73.exe
- <SYSTEM32>\7e7cd873.exe
- <SYSTEM32>\a8deecaf.exe
- <SYSTEM32>\8f3e8317.exe
- <SYSTEM32>\67f3df7d.exe
- <SYSTEM32>\C83de31e.exe
- <SYSTEM32>\ee6d1fac.exe
- <SYSTEM32>\Cd00d65e.exe
- <SYSTEM32>\5adedf7a.exe
- <SYSTEM32>\36e0f0de.exe
- <SYSTEM32>\cd8313ec.exe
- <SYSTEM32>\3e6efee6.exe
- <Current directory>\H.exe
- <SYSTEM32>\ead8f1ee.exe
- <Current directory>\RF.exe
- <Current directory>\Server.exe
- <SYSTEM32>\7e7d6767.exe
- <SYSTEM32>\7ffCdaec.exe
- <SYSTEM32>\1e037f6e.exe
- <SYSTEM32>\6e58dcd3.exe
- <SYSTEM32>\6f7Ce7ec.exe
- <SYSTEM32>\c66f7673.exe
- <SYSTEM32>\53ad8de0.exe
- <SYSTEM32>\57daa071.exe
- <SYSTEM32>\683e85e7.exe
- <SYSTEM32>\c78dd637.exe
- <SYSTEM32>\cc73333a.exe
- <SYSTEM32>\cdd0e5ed.exe
- <SYSTEM32>\c781ddda.exe
- <SYSTEM32>\61773C60.exe
- <SYSTEM32>\C0878f7d.exe
- <SYSTEM32>\7dcCC7e3.exe
- <SYSTEM32>\6f7eCea6.exe
- <SYSTEM32>\e3efe5f5.exe
- <SYSTEM32>\dcfcccc3.exe
- <SYSTEM32>\11e8d608.exe
- <SYSTEM32>\fcf33ce7.exe
- <SYSTEM32>\dff0c8Cd.exe
Deletes the following files:
- %TEMP%\~DFC245.tmp
- %TEMP%\nsz58.tmp\System.dll
- %TEMP%\~DF72CD.tmp
- %TEMP%\~DF2929.tmp
- %TEMP%\nss5A.tmp\System.dll
- %TEMP%\~DF43A7.tmp
- %TEMP%\~DF5996.tmp
- %TEMP%\~DF9BE.tmp
- %TEMP%\~DFE150.tmp
- %TEMP%\nss56.tmp\System.dll
- %TEMP%\~DF443E.tmp
- %TEMP%\~DF9C8A.tmp
- %TEMP%\~DF26BA.tmp
- %TEMP%\~DF2789.tmp
- %TEMP%\~DFE6BE.tmp
- %TEMP%\~DF4C7E.tmp
- %TEMP%\~DFAD34.tmp
- %TEMP%\~DF4787.tmp
- %TEMP%\nsv60.tmp\System.dll
- %TEMP%\~DFE54D.tmp
- %TEMP%\~DF24CE.tmp
- %TEMP%\~DFF15F.tmp
- %TEMP%\nsa5C.tmp\System.dll
- %TEMP%\~DF282C.tmp
- %TEMP%\~DFF13B.tmp
- %TEMP%\~DF7A04.tmp
- %TEMP%\nsp5E.tmp\System.dll
- %TEMP%\~DF6A36.tmp
- %TEMP%\~DF55B6.tmp
- %TEMP%\~DFD4E2.tmp
- %TEMP%\nsl4C.tmp\System.dll
- %TEMP%\nsc4E.tmp\System.dll
- %TEMP%\~DF3DDA.tmp
- %TEMP%\~DF2186.tmp
- %TEMP%\~DFE144.tmp
- %TEMP%\~DFDEC5.tmp
- %TEMP%\nsk4A.tmp\System.dll
- %TEMP%\~DFEA5B.tmp
- %TEMP%\~DFF849.tmp
- %TEMP%\~DFABDF.tmp
- %TEMP%\~DF1A53.tmp
- %TEMP%\~DFBA44.tmp
- %TEMP%\~DF73F8.tmp
- %TEMP%\~DF28A2.tmp
- %TEMP%\~DF5095.tmp
- %TEMP%\~DF756.tmp
- %TEMP%\~DF4B15.tmp
- %TEMP%\~DF1E23.tmp
- %TEMP%\nsq54.tmp\System.dll
- %TEMP%\nsh50.tmp\System.dll
- %TEMP%\~DFBCFD.tmp
- %TEMP%\~DF585D.tmp
- %TEMP%\~DFA6B8.tmp
- %TEMP%\nse52.tmp\System.dll
- %TEMP%\~DF1298.tmp
- %TEMP%\~DF3B1F.tmp
- %TEMP%\~DFBB39.tmp
- %TEMP%\nsa72.tmp\System.dll
- %TEMP%\~DFE619.tmp
- %TEMP%\~DF34BF.tmp
- %TEMP%\~DFBE92.tmp
- %TEMP%\nsx74.tmp\System.dll
- %TEMP%\~DF5FC1.tmp
- %TEMP%\nsa70.tmp\System.dll
- %TEMP%\~DFD8C2.tmp
- %TEMP%\~DF4670.tmp
- %TEMP%\~DFAD18.tmp
- %TEMP%\~DFFBC9.tmp
- %TEMP%\~DF558E.tmp
- %TEMP%\~DF43A3.tmp
- %TEMP%\~DF77C5.tmp
- %TEMP%\~DFAC8F.tmp
- %TEMP%\~DFBF9F.tmp
- %TEMP%\~DF8EBF.tmp
- %TEMP%\~DFF446.tmp
- %TEMP%\~DFF836.tmp
- %TEMP%\~DF64C2.tmp
- %TEMP%\~DFFF42.tmp
- %TEMP%\~DFAB82.tmp
- %TEMP%\~DF52B6.tmp
- %TEMP%\~DF72E.tmp
- %TEMP%\~DFC680.tmp
- %TEMP%\~DFAC9B.tmp
- %TEMP%\~DF6B9B.tmp
- %TEMP%\~DF8EEC.tmp
- %TEMP%\~DF93EC.tmp
- %TEMP%\nsq66.tmp\System.dll
- %TEMP%\~DF8EB1.tmp
- %TEMP%\~DF3C16.tmp
- %TEMP%\~DF1378.tmp
- %TEMP%\nsk68.tmp\System.dll
- %TEMP%\~DF714B.tmp
- %TEMP%\~DF88B.tmp
- %TEMP%\~DF85E0.tmp
- %TEMP%\nsh62.tmp\System.dll
- %TEMP%\~DF1CCC.tmp
- %TEMP%\nsb64.tmp\System.dll
- %TEMP%\~DF835B.tmp
- %TEMP%\~DFCBB1.tmp
- %TEMP%\~DF8F20.tmp
- %TEMP%\~DF3139.tmp
- %TEMP%\~DF6EF1.tmp
- %TEMP%\nsj6E.tmp\System.dll
- %TEMP%\~DFBA01.tmp
- %TEMP%\nsj6C.tmp\System.dll
- %TEMP%\~DF86EB.tmp
- %TEMP%\~DF14EA.tmp
- %TEMP%\~DF3F17.tmp
- %TEMP%\~DF4FD5.tmp
- %TEMP%\~DF6402.tmp
- %TEMP%\nso6A.tmp\System.dll
- %TEMP%\~DF3136.tmp
- %TEMP%\~DF977C.tmp
- %TEMP%\nsq22.tmp\System.dll
- %TEMP%\~DFFEAD.tmp
- %TEMP%\~DF482F.tmp
- %TEMP%\~DF2E37.tmp
- %TEMP%\~DFEA0C.tmp
- %TEMP%\nsg24.tmp\System.dll
- %TEMP%\nsp1E.tmp\System.dll
- %TEMP%\~DF38B5.tmp
- %TEMP%\~DF6D1E.tmp
- %TEMP%\~DF893A.tmp
- %TEMP%\~DF9160.tmp
- %TEMP%\nsl20.tmp\System.dll
- %TEMP%\~DFE73C.tmp
- %TEMP%\~DF9D47.tmp
- %TEMP%\~DF814A.tmp
- %TEMP%\nso2A.tmp\System.dll
- %TEMP%\~DFECB8.tmp
- %TEMP%\nsh2E.tmp\System.dll
- %TEMP%\~DFF899.tmp
- %TEMP%\nst2C.tmp\System.dll
- %TEMP%\~DF7166.tmp
- %TEMP%\nsf26.tmp\System.dll
- %TEMP%\~DFAE8F.tmp
- %TEMP%\nse28.tmp\System.dll
- %TEMP%\~DF7507.tmp
- %TEMP%\~DF2BFE.tmp
- %TEMP%\~DFF4C8.tmp
- %TEMP%\~DF6D01.tmp
- %TEMP%\nseC.tmp\System.dll
- %TEMP%\~DF294A.tmp
- %TEMP%\nshE.tmp\System.dll
- %TEMP%\~DF3060.tmp
- %TEMP%\~DFF776.tmp
- %TEMP%\~DFB171.tmp
- %TEMP%\nsm6.tmp\System.dll
- %TEMP%\nsi4.tmp\System.dll
- %TEMP%\nsv2.tmp\System.dll
- %TEMP%\~DFA021.tmp
- %TEMP%\nsfA.tmp\System.dll
- %TEMP%\~DFE58F.tmp
- %TEMP%\nsx8.tmp\System.dll
- %TEMP%\~DF596F.tmp
- %TEMP%\nsc18.tmp\System.dll
- %TEMP%\~DF7177.tmp
- %TEMP%\nsc1A.tmp\System.dll
- %TEMP%\~DF1A59.tmp
- %TEMP%\nsa1C.tmp\System.dll
- %TEMP%\~DFBBE2.tmp
- %TEMP%\~DF483D.tmp
- %TEMP%\nss12.tmp\System.dll
- %TEMP%\~DF6A84.tmp
- %TEMP%\nsl14.tmp\System.dll
- %TEMP%\~DF409A.tmp
- %TEMP%\~DFEBA8.tmp
- %TEMP%\nse16.tmp\System.dll
- %TEMP%\nsc42.tmp\System.dll
- %TEMP%\~DF8D1.tmp
- %TEMP%\nsy40.tmp\System.dll
- %TEMP%\~DF9A12.tmp
- %TEMP%\~DFA6C0.tmp
- %TEMP%\~DF6952.tmp
- %TEMP%\~DF9A78.tmp
- %TEMP%\~DFBB38.tmp
- %TEMP%\~DF726D.tmp
- %TEMP%\~DF6575.tmp
- %TEMP%\~DF8E32.tmp
- %TEMP%\~DF8AB0.tmp
- %TEMP%\nsy3E.tmp\System.dll
- %TEMP%\nsu3C.tmp\System.dll
- %TEMP%\~DF6793.tmp
- %TEMP%\~DF40C2.tmp
- %TEMP%\nsl46.tmp\System.dll
- %TEMP%\~DFBF0B.tmp
- %TEMP%\~DFF781.tmp
- %TEMP%\~DFE0B2.tmp
- %TEMP%\nsj48.tmp\System.dll
- %TEMP%\~DF7504.tmp
- %TEMP%\nst44.tmp\System.dll
- %TEMP%\~DFC479.tmp
- %TEMP%\~DF95CB.tmp
- %TEMP%\~DF7655.tmp
- %TEMP%\~DFA775.tmp
- %TEMP%\~DFE085.tmp
- %TEMP%\~DFA0FF.tmp
- %TEMP%\nsv32.tmp\System.dll
- %TEMP%\~DF3AA5.tmp
- %TEMP%\nsc34.tmp\System.dll
- %TEMP%\~DF32D0.tmp
- %TEMP%\~DF59F4.tmp
- %TEMP%\~DF3248.tmp
- %TEMP%\~DF7640.tmp
- %TEMP%\~DFAE42.tmp
- %TEMP%\~DF5D49.tmp
- %TEMP%\nsq30.tmp\System.dll
- %TEMP%\~DF72AB.tmp
- %TEMP%\~DFA486.tmp
- %TEMP%\~DF3866.tmp
- %TEMP%\~DFB61F.tmp
- %TEMP%\~DFF16E.tmp
- %TEMP%\~DF7CB7.tmp
- %TEMP%\nsl3A.tmp\System.dll
- %TEMP%\~DF39CF.tmp
- %TEMP%\~DFF97B.tmp
- %TEMP%\~DF1931.tmp
- %TEMP%\~DF1FAE.tmp
- %TEMP%\~DFD7F9.tmp
- %TEMP%\nsx36.tmp\System.dll
- %TEMP%\~DF2E5D.tmp
- %TEMP%\nst38.tmp\System.dll
- %TEMP%\~DFA620.tmp
- %TEMP%\~DF3DC6.tmp
Network activity:
Connects to:
- 'localhost':1131
- 'localhost':1132
- 'localhost':1129
- 'localhost':1130
- 'localhost':1141
- 'localhost':1142
- 'localhost':1133
- 'localhost':1137
- 'localhost':1128
- 'localhost':1115
- 'localhost':1116
- 'localhost':1110
- 'localhost':1114
- 'localhost':1119
- 'localhost':1127
- 'localhost':1117
- 'localhost':1118
- 'localhost':1146
- 'localhost':1163
- 'localhost':1164
- 'localhost':1159
- 'localhost':1160
- 'localhost':1170
- 'localhost':1172
- 'localhost':1166
- 'localhost':1168
- 'localhost':1156
- 'localhost':1150
- 'localhost':1151
- 'localhost':1148
- 'localhost':1149
- 'localhost':1154
- 'localhost':1155
- 'localhost':1152
- 'localhost':1153
- 'localhost':1058
- 'localhost':1063
- 'localhost':1056
- 'localhost':1057
- 'localhost':1069
- 'localhost':1070
- 'localhost':1064
- 'localhost':1066
- 'localhost':1054
- 'localhost':1040
- 'localhost':1043
- 'bl##.naver.com':80
- 'localhost':1038
- 'localhost':1048
- 'localhost':1051
- 'localhost':1044
- 'localhost':1047
- 'localhost':1074
- 'localhost':1097
- 'localhost':1101
- 'localhost':1092
- 'localhost':1096
- 'localhost':1107
- 'localhost':1108
- 'localhost':1102
- 'localhost':1104
- 'localhost':1091
- 'localhost':1079
- 'localhost':1082
- 'localhost':1075
- 'localhost':1078
- 'localhost':1088
- 'localhost':1090
- 'localhost':1083
- 'localhost':1087
TCP:
HTTP GET requests:
- bl##.naver.com/PostView.nhn?bl################################################################################################################################################################################################
UDP:
- DNS ASK bl##.naver.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
