애드웨어 정보2016.09.13 11:30

Network Application Express 애드웨어는 LuckyTool, SubShop, DreamPrime 등의 다수의 변종 내지는 변칙적인 애드웨어를 유포한 조직의 후속작으로 확인이 되고 있다. 이들은 아래와 같이 소수의 변종을 유포하고 있으며, 광고를 원하는 회사, 사이트와의 제휴에 따라 추가적인 변종을 생성 및 유포할 것으로 보인다. 


검색 도우미 : Network Application Express - Jabra


검색 도우미 : Network Application Express - Transfer


검색 도우미 : Network Application Express - Kakaru


검색 도우미 : Network Application Express - Godzilla


검색 도우미 : Network Application Express - Firebase



뭐 자세한건 벌새님이 다 작성하셨으니 패스하고, 본 글에서는 Network Application Express 애드웨어가 사용하는 암호화된 값이 저장되어져 있는 php 파일을 Decrypt한 내용만을 올리고자 한다. 대략 요약하면 광고 행위 수행에 필요한 사이트 및 값 로드 , 경쟁사 애드웨어 프로그램 제거, 각종 분석도구 및 (주)이스트소프트 체크잇 체크 정도로 이해해주면 될 것 같다.


nao.php


run=1#1#1#1#1#0#1#0@


cpc=test#cpc.dll#MainStart#CloseMain#0@


dll=smartpush#smartpush.dll#InitAdModule#CloseADModule#1@

dll=clickpop#clickpop.dll#InitAdModule#CloseADModule#0@


time=5000#1000#1000#5000#5000@


day=1@


nae



nar.php - 프로그램 및 프로세스, 캡션(클래스?) 체크 리스트


run=1#1#1@


program=C:\Program Files\Microsoft Visual Studio 11.0@

program=C:\Program Files\Microsoft Visual Studio 12.0@

program=C:\Program Files\Microsoft Visual Studio 13.0@

program=C:\Program Files\Microsoft Visual Studio 14.0@

program=C:\Program Files (x86)\Microsoft Visual Studio 11.0@

program=C:\Program Files (x86)\Microsoft Visual Studio 12.0@

program=C:\Program Files (x86)\Microsoft Visual Studio 13.0@

program=C:\Program Files (x86)\Microsoft Visual Studio 14.0@

program=C:\Program Files (x86)\NSIS@

program=C:\Program Files (x86)\Microsoft SDKs@

program=C:\Program Files\ESTsoft\CheckIt@


process=skywidgeter.exe@

process=snoopspy.exe@

process=wireshark.exe@

process=taskmgr.exe@

process=fiddler.exe@

process=spyxx.exe@

process=rpcapd.exe@

process=CheckIt.exe@

process=mmc.exe@

process=bdcam.exe@

process=ALCapture.exe@

process=Kalmuri.exe@


caption=Fiddler@

caption=SnoopSpy@

caption=Wireshark@

caption=Spy++@


nae



nad.php - Network Application Express 사이트들



http://schemeexpress.com@

http://likesearch.co.kr@

http://hubsexpress.com@

http://subme.co.kr@

http://networek.com@

http://netwoquk.com@

http://newlike.co.kr@

http://veinonline.com@

http://clientprocess.net@

http://myestuary.com@

http://s7ream.com@

http://causalagency.com@

http://showlike.co.kr@

http://myirritant.com@

http://semanticrole.com@

http://whaleonline.net@

http://hoased.com@

http://hostofnieces.com@

http://museumhosts.com@

http://hostsfrance.com@

http://bizguy.co.kr@

http://novellonline.com@

http://mynovell.com@

http://globetheta.net@

http://livebuy.co.kr@

http://allyahoo.com@

http://myamazoncom.com@

http://systemofrules.com@

http://sys73m.com@

http://izara.co.kr@

http://allframework.com@

http://twoys.net@

http://operamoon.net@

http://comicmon.net@

http://mycodomain.com@

http://iplayshop.co.kr@

http://fassed.com@

http://pinggroup.net@

http://pingguide.com@

http://sidelink.co.kr@

http://shoprobbery.com@

http://pollshows.com@

http://mycosine.com@

http://liketravel.co.kr@

http://mentoonline.com@

http://goodkey.co.kr@

http://workforceto.com@

http://volunteersto.com@

http://whogroup.net@


nas.php - 광고 리스트


url=escrow.gmarket.co.kr@

url=search.gmarket.co.kr@

url=category.gmarket.co.kr@

url=signinssl.gmarket.co.kr@


url=11st.co.kr/html/bestSellerMain@

url=11st.co.kr/product@

url=deal.11st.co.kr@

url=buy.11st.co.kr/pay/OrderInfoAction.tmall@

url=login.11st.co.kr@

url=search.11st.co.kr@

url=11st.co.kr/html/category@


url=corners.auction.co.kr@

url=itempage3.auction.co.kr@

url=ssl.auction.co.kr@

url=member.auction.co.kr@

url=search.auction.co.kr@

url=auction.co.kr/category@

url=through.auction.co.kr@

url=buy.auction.co.kr@


url=gsshop.com/deal@

url=gsshop.com/customer@

url=gsshop.com/prd@

url=gsshop.com/cart@

url=gsshop.com:444@


url=cjmall.com/prd@

url=cjmall.com/login@

url=cjmall.com/order@


url=hyundaihmall.com/front/pda@

url=hyundaihmall.com/front/cob@

url=hyundaihmall.com/front/odb@


url=kyobobook.co.kr/product@

url=order.kyobobook.co.kr/cart@

url=order.kyobobook.co.kr/order@


url=shinsegaemall.ssg.com/item@

url=member.ssg.com/member/popup@

url=pay.ssg.com/cart/@

url=pay.ssg.com/order@


url=emart.ssg.com/item@

url=member.ssg.com/member/popup@

url=pay.ssg.com/cart@

url=pay.ssg.com/nodcsnOrder@


url=lotte.com/coop@

url=lotte.com/goods@

url=lotte.com/cart@

url=lotte.com/order@


url=cjonmart.net/shopping@

url=cjonmart.net/login@


url=kshop.co.kr/category@

url=kshop.co.kr/display@

url=kshop.co.kr/customer/login@


url=immall.co.kr/goods@

url=immall.co.kr/login@

url=immall.co.kr/cart@


url=wizwid.com/CSW/handler/wizwid/kr/Login@

url=wizwid.com/CSW/handler/wizwid/kr/ShopProduct@

url=wizwid.com/CSW/handler/wizwid/kr/Basket@


url=99flower.co.kr@

url=99flower.co.kr/prog/member@

url=99flower.co.kr/prog/shopping@


url=gabangpop.co.kr/app/product@

url=gabangpop.co.kr/app/membership@

url=gabangpop.co.kr/app@

url=gabangpop.co.kr/app/order@


url=louisclub.com/fr/product@

url=louisclub.com/fr/manager@

url=louisclub.com/fr/order@


url=shoemarker.co.kr/home@

url=shoemarker.co.kr/home/member@

url=shoemarker.co.kr/home/cart@

url=shoemarker.co.kr/home/order@


url=needscom.com/shop@

url=needscom.com/bbs@


url=selstar.co.kr/shop/shopdetail.html?branduid@

url=selstar.co.kr/shop@


url=e-himart.co.kr/app@

url=secure.e-himart.co.kr/app@

url=secure.e-himart.co.kr/app/order@


url=lotteimall.com/goods@

url=lotteimall.com/member/login@

url=lotteimall.com/cart@

url=secure.lotteimall.com/order@


url=akmall.com/goods@

url=akmall.com/login/@

url=akmall.com/order@


url=galleria.co.kr/item@

url=galleria.co.kr/auth@

url=galleria.co.kr/cart@

url=galleria.co.kr/order@


url=ggbc.co.kr/goods@

url=ggbc.co.kr/member@

url=ggbc.co.kr/order@


url=moulian.com/shop/shopdetail@

url=moulian.com/shop/member@

url=moulian.com/shop/basket@

url=moulian.com/shop/order@


url=dailymonday.com/shop/shopdetail@

url=dailymonday.com/shop/member@

url=dailymonday.com/shop/basket@

url=dailymonday.com/shop/order@


url=letzgo.co.kr/member/loginForm@


url=allcredit.co.kr@


url=nsmall.com/ProductDisplay?cate2Code@

url=nsmall.com/LogonPopForm?catalogId@

url=nsmall.com/AjaxOrderItemDisplayView@

url=nsmall.com/NSOrderSheet@


url=mall.epost.go.kr/goods.RetrieveEcGoodsDetailInfo.mall@

url=epost.go.kr//usr/login@

url=mall.epost.go.kr/purchase.sbox.RetrieveAllGoods.mall@

url=mall.epost.go.kr/purchase.sbox.RetrieveCart.mall@


url=babosarang.co.kr/product@

url=babosarang.co.kr/login@

url=babosarang.co.kr/cart@

url=babosarang.co.kr/cart@


url=boribori.co.kr/Detail?PrstCd@

url=member.boribori.co.kr/Login@

url=boribori.co.kr/Shopping@

url=boribori.co.kr/Order@


url=muindomall.co.kr/muindo/goods@

url=muindomall.co.kr/muindo/member@


url=lovetoky.co.kr/content@


url=bananamall.co.kr/shopping@

url=bananamall.co.kr/home@

url=bananamall.co.kr/menu@

url=bananamall.co.kr/shopping@


url=sangdogagu.co.kr/shop@


url=halfclub.com/Detail@

url=member.halfclub.com/Login@

url=halfclub.com/Shopping@

url=halfclub.com/Order@


url=ogage.co.kr/Detail@

url=member.ogage.co.kr/login@

url=ogage.co.kr/Cart@

url=ogage.co.kr/Order@


url=fashionplus.co.kr/mall/goods@

url=fashionplus.co.kr/mall/login@

url=fashionplus.co.kr/mall/member@


url=istyle24.com/Display@

url=istyle24.com/PopUp@

url=istyle24.com/Order@


url=store.musinsa.com/app@

url=musinsa.com/index.php@


url=outdous.halfclub.com/Detail@

url=member.halfclub.com/Login@

url=outdous.halfclub.com/Shopping@

url=outdous.halfclub.com/Order@


url=expedia.co.kr/user@

url=expedia.co.kr/scratchpad@

url=expedia.co.kr/HotelCheckout@


url=bandinlunis.com/front/product@

url=bandinlunis.com/front/formLogin@

url=bandinlunis.com/front/order@


url=gabia.com/login@

url=domain.gabia.com@

url=webhosting.gabia.com@

url=idc.gabia.com@

url=biz.gabia.com@

url=freehome.gabia.com/service@


url=leadcorp.co.kr@


url=babilloan.com@


url=edu.jungchul.com/campus@

url=jungchul.com/jungchulWeb/Membership@

url=edu.jungchul.com/mypage@

url=edu.jungchul.com/app@


url=ticketmonster.co.kr/deallist@

url=ticketmonster.co.kr/deal@

url=login.ticketmonster.co.kr@

url=order.ticketmonster.co.kr@


url=njoyny.com@

url=xkeeper.com@

url=flower365.com@

url=study4you.co.kr@

url=reportbada.co.kr@

url=bondisk.co.kr@

url=applefile.com@

url=yesfile.com@

url=filedok.com@

url=filejo.com@

url=lottorich.co.kr@

url=xxxshop.co.kr@


cookie=gmarket.co.kr#jaehuid=200004796#jaehu_200004796_id=0zLFLZLNUL@

cookie=11st.co.kr#XSITE=1000840394#XSITE_DETAIL=0zLFLZLNUL@

cookie=auction.co.kr#BN00138973@

cookie=gsshop.com#0zLFLZLNUL@

cookie=cjmall.com#0zLFLZLNUL@

cookie=shinsegaemall.ssg.com#CKWHERE=s_ilikeclick#D0000001591@

cookie=emart.ssg.com#CKWHERE=ilikeclick#D0000000342@

cookie=lotte.com#CHLNO=145631#CHLDTLNO=2913637@

cookie=kshop.co.kr#c_a_id=0zLFLZLNUL@

cookie=ticketmonster.co.kr#a_id=0zLFLZLNUL@


target=emart.ssg.com#http://cl.ilikeclick.com/?dts_code=100280476520473826000022740000000000000@

target=11st.co.kr#http://click.dotmap.co.kr/?pf_code=100014100730100261@

target=hyundaihmall.com#http://click.dotmap.co.kr/?pf_code=100044100730100278@

target=kyobobook.co.kr#http://click.dotmap.co.kr/?pf_code=100049100730100283@

target=cjonmart.net#http://click.dotmap.co.kr/?pf_code=100032100730100266@

target=immall.co.kr#http://click.dotmap.co.kr/?pf_code=100271100730100596@


target=wizwid.com#http://cl.ilikeclick.com/?dts_code=100543876520473826000022740000000000000@

target=99flower.co.kr#http://cl.ilikeclick.com/?dts_code=100817096520473826000022740000000000000@

target=gabangpop.co.kr#http://cl.ilikeclick.com/?dts_code=101326106520473826000022740000000000000@

target=louisclub.com#http://cl.ilikeclick.com/?dts_code=101997501220473826000060391200000000000@

target=shoemarker.co.kr#http://cl.ilikeclick.com/?dts_code=102145106520473826000022740000000000000@

target=moulian.com#http://cl.ilikeclick.com/?dts_code=101302496520473826000022740000000000000@

target=dailymonday.com#http://cl.ilikeclick.com/?dts_code=101973106520473826000022740000000000000@

target=selstar.co.kr#http://cl.ilikeclick.com/?dts_code=102143726520473826000022740000000000000@

target=needscom.com#http://cl.ilikeclick.com/?dts_code=100773096520473826000022740000000000000@

target=e-himart.co.kr#http://cl.ilikeclick.com/?dts_code=101285296520473826000022740000000000000@

target=allcredit.co.kr#http://cl.ilikeclick.com/?dts_code=101434906520473826000022740000000000000@

target=ggstory.com#http://cl.ilikeclick.com/?dts_code=102127916520473826000022740000000000000@

target=nsmall.com#http://cl.ilikeclick.com/?dts_code=100084636520473826000022740000000000000@

target=lotteimall.com#http://cl.ilikeclick.com/?dts_code=100160631220473826000060391200000000000@

target=akmall.com#http://cl.ilikeclick.com/?dts_code=100226276520473826000022740000000000000@

target=shinsegaemall.ssg.com#http://cl.ilikeclick.com/?dts_code=100278676520473826000022740000000000000@

target=emart.ssg.com#http://cl.ilikeclick.com/?dts_code=100280476520473826000022740000000000000@

target=mall.epost.go.kr#http://cl.ilikeclick.com/?dts_code=100364906520473826000022740000000000000@

target=galleria.co.kr#http://cl.ilikeclick.com/?dts_code=101542906520473826000022740000000000000@

target=lotte.com#http://cl.ilikeclick.com/?dts_code=101638306520473826000022740000000000000@

target=babosarang.co.kr#http://cl.ilikeclick.com/?dts_code=102159106520473826000022740000000000000@

target=ggbc.co.kr#http://cl.ilikeclick.com/?dts_code=102192906520473826000022740000000000000@

target=boribori.co.kr#http://cl.ilikeclick.com/?dts_code=101043696520473826000022740000000000000@

target=letzgo.co.kr#http://cl.ilikeclick.com/?dts_code=102550106520473826000022740000000000000@

target=muindomall.co.kr#http://cl.ilikeclick.com/?dts_code=101121306520473267000022740000000000000@

target=lovetoky.co.kr#http://cl.ilikeclick.com/?dts_code=101252706520473826000022740000000000000@

target=bananamall.co.kr#http://cl.ilikeclick.com/?dts_code=101268106520473826000022740000000000000@

target=sangdogagu.co.kr#http://cl.ilikeclick.com/?dts_code=100836306520473826000022740000000000000@

target=halfclub.com#http://cl.ilikeclick.com/?dts_code=100175696520473826000022740000000000000@

target=ogage.co.kr#http://cl.ilikeclick.com/?dts_code=100597086520473826000022740000000000000@

target=fashionplus.co.kr#http://cl.ilikeclick.com/?dts_code=100820106520473826000022740000000000000@

target=istyle24.com#http://cl.ilikeclick.com/?dts_code=100919896520473826000022740000000000000@

target=musinsa.com#http://cl.ilikeclick.com/?dts_code=102013516520473826000022740000000000000@

target=seantree.co.kr#http://cl.ilikeclick.com/?dts_code=101959506520473826000022740000000000000@

target=outdous.halfclub.com#http://cl.ilikeclick.com/?dts_code=101515386520473826000022740000000000000@

target=expedia.co.kr#http://cl.ilikeclick.com/?dts_code=102035506520473826000022740000000000000@

target=bandinlunis.com#http://cl.ilikeclick.com/?dts_code=101502116520473826000022740000000000000@

target=gabia.com#http://cl.ilikeclick.com/?dts_code=100552491220473826000060391200000000000@

target=leadcorp.co.kr#http://cl.ilikeclick.com/?dts_code=101012896520473826000022740000000000000@

target=babilloan.com#http://cl.ilikeclick.com/?dts_code=101233496520473826000022740000000000000@

target=jungchul.com#http://cl.ilikeclick.com/?dts_code=102549706520473826000022740000000000000@


target=njoyny.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=njoyny&m_num=211234@

target=xkeeper.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=xkeeper&m_num=161554@

target=flower365.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=flower365&m_num=172484@

target=study4you.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=study4you&m_num=119221@

target=reportbada.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=reportbada&m_num=182998@

target=allcredit.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=allcredit01&m_num=166055@

target=bondisk.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=bondisk&m_num=204937@

target=applefile.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=applefile&m_num=221372@

target=yesfile.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=yesfile&m_num=204899@

target=filedok.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=filedok&m_num=211181@

target=filejo.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=filejo&m_num=211167@

target=lottorich.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=lsinfo&m_num=144568@

target=xxxshop.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=jjang12&m_num=204581@


nae


nav.php - 특정 사이트 접속시 휴대폰 로그인 보호 서비스 연결(소액결제)


boot=0#naver.com#5000#0@


url=npg.tgcorp.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_002#2@

url=nxpay.nexon.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=027_001#2@

url=checkplus.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_001#2@

url=ipin.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_001#2@

url=mcharge.mgame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=028_003#2@

url=payment.gnjoy.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=034_001#2@

url=tx.allatpay.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=021_001#2@

url=teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_001#2@

url=pg.billgate.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=002_003#2@

url=pay.billgate.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=002_002#2@

url=ok-name.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=022_001#2@

url=secure.plaync.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=031_002#2@

url=charge.joycity.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=035_001#2@

url=pg.dacom.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=015_002#2@

url=kspay.ksnet.to#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=016_002#2@

url=cash.gametree.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=030_001#2@

url=pay.neowiz.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=026_002#2@

url=mobilecheck.mecross.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=020_001#2@

url=smilepay.ebay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=010_001#2@

url=bill.hangame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=025_001#2@

url=safe.ok-name.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=022_002#2@

url=nbill.netmarble.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=032_001#2@

url=epay.ncsoft.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=031_003#2@

url=mcerti.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=017_001#2@

url=check.namecheck.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_005#2@

url=billgate.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=002_001#2@

url=ipin.ok-name.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=022_003#2@

url=cert.namecheck.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_004#2@

url=vno.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_006#2@

url=aname.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_005#2@

url=cert.impay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=024_001#2@

url=sign.mgame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=028_002#2@

url=nts.checkplus.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_003#2@

url=kmcert.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=006_001#2@

url=cert.a-check.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=009_001#2@

url=wauth.teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_004#2@

url=pg.mnbank.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=018_001#2@

url=web.teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_002#2@

url=bill.mgame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=028_001#2@

url=mup.mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_006#2@

url=kcp.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=008_001#2@

url=pg.ksnet.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=016_001#2@

url=auth.mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_007#2@

url=ncoin.plaync.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=031_006#2@

url=cert.kcp.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=008_003#2@

url=secure.nuguya.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_008#2@

url=ui.teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_003#2@

url=pg.mcash.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_005#2@

url=member.gnjoy.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=034_002#2@

url=xpay.lgdacom.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=015_001#2@

url=cert.vno.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_007#2@

url=bill.hanbiton.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=033_004#2@

url=pay.paytok.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=011_001#2@

url=member.nexon.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=027_002#2@

url=pay.bluepay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=014_001#2@

url=nice.checkplus.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_002#2@

url=members.hangame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=025_002#2@

url=mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_001#2@

url=auth.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_004#2@

url=pay.kcp.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=008_002#2@

url=paypin.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=024_002#2@

url=renew.signgate.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=013_001#2@

url=name.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_002#2@

url=pcc.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_003#2@

url=ssl.daoupay.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=023_001#2@

url=mobile-ok.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=007_001#2@

url=pay.tgcorp.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_003#2@

url=mcash.mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_004#2@

url=vpay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=012_001#2@


nae



nak.php -> 특정 환경에서 작동할 것으로 추정. 경쟁사 프로그램 제거


run=1#1#1#1#1#1#1@

day=2@

process=skywidgeter.exe@

process=Natesearch.exe@

process=topsadon.exe@

process=topsadonagent.exe@

process=webbora.exe@

process=topsadon1c.exe@

process=b_signkeyex.exe@

process=windgdoc.exe@

process=windoguide.exe@

process=windoguideagent.exe@

process=windowstab.exe@

process=wuu.exe@

process=matchtab.exe@

process=smartsearch.exe@

process=wshost.exe@

process=OneTrip.exe@

process=WIESM.exe@

process=popfreeka.exe@

process=gameplaysh.exe@

process=camsv.exe@

process=camhost.exe@

process=camhostmon.exe@

process=camhostupdate.exe@

process=infosearch.exe@

process=smartrun.exe@

process=srhost.exe@

process=happ.exe@

process=microadpop.exe@

process=a_searchlikeex.exe@

process=b_searchlikeex.exe@

process=minilmon.exe@

process=scmon.exe@

process=smartcam.exe@

process=QadPop.exe@

process=QadUpdateService.exe@

process=browser_manager.exe@

process=browser_managers.exe@

process=iCreamService.exe@

process=OutTab.exe@

process=linkguide.exe@

process=smarti.exe@

process=aplink.exe@

process=Lemon.exe@

process=SmartAddress.exe@

process=SmartAddress64.exe@

process=AFlashPlugin.exe@

process=admsvc.exe@

process=BAGuard.exe@

process=baple.exe@

process=BAUpdate.exe@

process=allkt.exe@

process=allkts.exe@

process=TopSpace10Helper.exe@

process=TopSpace10Service.exe@

process=KeywordMap.exe@

process=MBTIPv32.exe@

process=MBTIUPv32.exe@

process=KKeywork.exe@

process=KKeywork_Up.exe@

process=bctclte.exe@

process=msutil.exe@

process=searchrun.exe@

process=upSearchRun.exe@

process=Windowmix.exe@

process=WindowmixUp.exe@

process=wizbiz.exe@

process=wzMon.exe@

process=wskpfcitar.exe@

process=wskpfcitav.exe@

process=pku.exe@

process=wisepopup.exe@

process=wisepopupUpdate.exe@

process=searchlike.exe@

process=searchlikeexb.exe@

process=searchlikeexc.exe@

process=PopClick.exe@

process=pvinc.exe@

process=upvinc.exe@

process=winapp.exe@

process=enkrs.exe@

process=upenkrs.exe@

process=adart.exe@

process=adartex.exe@

process=StickerBox.exe@

process=snbsearch.exe@

process=snbsearchlink.exe@

process=AllKT.exe@

process=signkeyexb.exe@

process=InterPlex.exe@

process=widepop.exe@

process=NewsnPop.exe@

process=iPocket.exe@

process=IEsearchtool.exe@

process=opk.exe@

process=opkagent.exe@

process=newsplus.exe@

process=smartshoper.exe@

process=wsinfurnisr.exe@

process=wsinfurnisv.exe@

process=starad.exe@

process=skywidget.exe@

process=skywidgeted.exe@

process=skywidgets.exe@

process=SbToolN.exe@

process=Hellopop.exe@

process=plusmat.exe@

process=plusvc.exe@

process=savepop.exe@

process=savepopagent.exe@

process=sidebar.exe@

process=sidebars.exe@

process=sbbrpqvum.exe@

process=tstjet.exe@

process=tstsvc.exe@

process=NEWSPOT.exe@

process=searchlikeexa.exe@

process=srvwebbora.exe@

process=fsControlB.exe@

process=browser_agent.exe@

process=browser_agents.exe@

process=exaplc.exe@

process=O2Guard.exe@

process=O2Update.exe@

process=OnOffPop.exe@

process=isaclt.exe@

process=isasvc.exe@

process=poppin.exe@

process=poppind.exe@

process=poppins.exe@

process=popupcom.exe@

process=Network_guide.exe@

process=Network_guides.exe@

process=wscnvcsr.exe@

process=wscnvcsv.exe@

process=wsifvelr.exe@

process=wsifvelv.exe@

process=TopToolN.exe@

process=AutoDBRead.exe@

process=wblinkies.exe@

process=weblinkup.exe@

process=navipex.exe@

process=navipn.exe@

process=svcnavipwin.exe@

process=wdrnavipsvc.exe@

process=ieplusse.exe@

process=WindowsUCFAdAgent.exe@

process=userconfigwindow.exe@

process=wnpugter.exe@

process=wnpugtev.exe@

process=wk_.exe@

process=wkmon.exe@

process=wkp.exe@

process=criteo_pullzip.exe@

process=T-Con.exe@

process=winadopen.exe@

process=spacead.exe@

process=SpaceAdSv.exe@

process=ORUM.exe@

process=OrumMon.exe@

process=window connector.exe@

process=qlauncher.exe@

process=quicktec.exe@

process=SmartWeb.exe@

process=SmartWebAgent.exe@

process=smarttab.exe@

process=smarttabsvc.exe@

process=IEsearchhelp.exe@

process=windosearchagent.exe@

process=windosearchdesk.exe@

process=InbToolN.exe@

process=openpot.exe@

process=WindowsOptimizeS.exe@

process=WindowsOptimizeUp.exe@

process=WindowsOptimizeUpch.exe@

process=winlogo.exe@

process=smartup.exe@

process=smartupdate.exe@

process=SpeedUtil.exe@

process=shoplus.exe@

process=signkey.exe@

process=signkeyexa.exe@

process=TopbTool.exe@

process=exactly.exe@

process=exactlyu.exe@

process=Network_Modus.exe@

process=Network_ModusService.exe@

process=WinCtrCon.exe@

process=WinCtrProc.exe@

process=ADFORCE.exe@

process=SwTool.exe@

process=InwTool.exe@

process=dreamsvc.exe@

process=SLEsperant.exe@

process=SmartPush.exe@

process=SmartPushUpdater.exe@

process=KeyPle.exe@

process=KeyPleUpdater.exe@

process=keypang.exe@

process=serkle.exe@

process=windowsph.exe@

process=windowsphup.exe@

process=Wiseman.exe@

process=WisemanUpdate.exe@

process=wmsn.exe@

process=wmforupdater.exe@

process=newtab.exe@

process=clickup.exe@

process=ieclickup.exe@

process=iesupporter_se.exe@

process=plustabs.exe@

process=plustabsvc.exe@

process=SearchClickDemon.exe@

process=SearchClickMain.exe@

process=SearchClickService.exe@

process=TopHard.exe@

process=gearext.exe@

process=gearexts.exe@

process=gearextu.exe@

process=gemegoput.exe@

process=windowunitpop.exe@

process=windowadvertisement.exe@

process=SmartTip.exe@

process=SmartTipAgent.exe@

process=appis.exe@

process=update.exe@

process=winprovider.exe@

process=winproviders.exe@

process=WiseRunServ.exe@

process=WRUGmon.exe@

process=scun.exe@

process=nskCapp.exe@

process=taskobv.exe@

process=Pccom.exe@

process=PccomUpdate.exe@

process=powersearch.exe@

process=TSLIDE.exe@

process=WRChecker.exe@

process=wrAccess.exe@

process=ckmon.exe@

process=hscmd.exe@

process=qlog.exe@

process=SalesUp.exe@

process=SalesUpMon.exe@


service=srvwebwg@

service=windowstab_mon@

service=MicroSearch Mapping Agents Program@

service=Application IPHelper Service@

service=mctcvwwvvrm@

service=gameplaySV@

service=camsvmonService@

service=camhostmonservice@

service=scmonService@

service=Qad Update Service@

service=browser_managers@

service=allkts@

service=wzMonService@

service=wskpfcitav32@

service=wsinfurnisv32@

service=plusmat@

service=sbbrpqvum@

service=tstsvc32@

service=browser_agents@

service=isasvc32@

service=Network_guides@

service=wscnvcsv32@

service=wsifvel32@

service=Navipop Service@

service=Windows Navipop Diagnostics Service@

service=ieplusService@

service=ieplus Update Service@

service=wnpugtev32@

service=SpaceAdSv@

service=OrumMonService@

service=window connectors@

service=STRunS@

service=Network_ModusService@

service=dreamsv@

service=iesupporter Update Service@

service=plustabs@

service=SearchClick@

service=gemegoput@

service=wppwttssom@

service=WindowsWRMonitoringService@

service=Windows WiseRun Service@


taskschd=mctcvwwvvr@

taskschd=mctcvwwvvrs@

taskschd=mainmctcvwwvvrs@

taskschd=mctcvwwvvrmain@

taskschd=WIESM@

taskschd=Popfreeka@

taskschd=Microadpop@

taskschd=SMARTADDRESS@

taskschd=PopClick@

taskschd=interplex@

taskschd=OKSTART@

taskschd=WindowsStar@

taskschd=swgWin@

taskschd=SkyWidgetSystem@

taskschd=plusmat@

taskschd=Savepop@

taskschd=sbbrpqvus@

taskschd=agentc@

taskschd=agentj@

taskschd=agentu@

taskschd=WinPPins@

taskschd=SystemPoppinS@

taskschd=SWSTART@

taskschd=smartup@

taskschd=smartupdate@

taskschd=SmartPush@

taskschd=Keyple@

taskschd=gesegoput@

taskschd=WindowAdvertisement@

taskschd=STSTART@

taskschd=AppIs@

taskschd=AppIsUpdate@

taskschd=wppwttssos@

taskschd=Pccom@

taskschd=PrimePC@


registry=signkey@

registry=windgdoc@

registry=windgdou@

registry=windoguide@

registry=windoguideagent@

registry=windoguideopt@

registry=WINDOWSTAB_UC@

registry=wuu@

registry=MATCHTAB@

registry=SmartwordChecker@

registry=infosearch@

registry=SmartLauncher@

registry=HappManager@

registry=searchlike@

registry=SmartPage@

registry=MiniLauncher@

registry=QadPop.exe@

registry=browser_manager@

registry=iCreamService@

registry=OutTab@

registry=DTDCert@

registry=ADPlayLink@

registry=IpAgent@

registry=AFlashPlugin@

registry=admsvc@

registry=Bagrd@

registry=TopSpace10@

registry=KeywordMap@

registry=MBTIPv32@

registry=Kkeywork@

registry=bctclte@

registry=searchrun@

registry=WindowmixUpdate@

registry=pk@

registry=pv_inc@

registry=winapp@

registry=Windows Enkrs@

registry=adart@

registry=StickerBox@

registry=managerlinksnb@

registry=interplex@

registry=WIDEPOP@

registry=NewsnPop@

registry=iPocket@

registry=Iesearchtool@

registry=newsplus@

registry=smartshoper.exe@

registry=Skywidget@

registry=skywidget@

registry=SbToolN@

registry=Hellopop@

registry=SIDEBAR@

registry=NEWSPOT@

registry=freeset@

registry=browser_agent@

registry=guardO2@

registry=popupcom@

registry=Network_guide@

registry=TopToolN@

registry=AutoDBRead@

registry=iniweblink@

registry=wordkey@

registry=wkmon@

registry=Criteo@

registry=openhelp@

registry=winopen@

registry=window connector@

registry=quicktec@

registry=Iesearchhelp@

registry=windosearch@

registry=InbToolN@

registry=openpot_openpot@

registry=smartup@

registry=SpeedUtil@

registry=splus@

registry=TopbTool@

registry=exactlyts@

registry=Network_Modus@

registry=WinCtrCon@

registry=WinCtrProc@

registry=ADFORCE@

registry=SwTool@

registry=InwTool@

registry=kp@

registry=searchgoosg@

registry=WINDOWPURCHASE_UC@

registry=mwfor@

registry=newtab@

registry=clickup@

registry=SearchClick@

registry=TopHard@

registry=EXTGEAR@

registry=windowunitpop@

registry=appis.exe@

registry=WiseRunUGm@

registry=WiseRunMonitor@

registry=WiseRunAccess@

registry=RetainGard@

registry=Longan@

registry=nskCapp@

registry=powersearch@

registry=topsadon@

registry=topsadonagent@

registry=WiseRunChecker@

registry=topsadon1u@

registry=topsadonc@

registry=TSLIDE@

registry=Windows Cookiemon@


startup=windowstab@

startup=SmartwordChecker@

startup=infosearch@

startup=topsadon@

startup=topsadonagent@

startup=SmartLauncher@

startup=HappManager@

startup=searchlike@

startup=MiniLMonitor@

startup=QadPop.exe@

startup=browser_manager@

startup=iCreamService@

startup=OutTab@

startup=LinkGuide@

startup=SmartInfo@

startup=ADPlayLink@

startup=IpAgent@

startup=AFlashPlugin@

startup=guardba@

startup=Bagrd@

startup=BAPop@

startup=TopSpace10@

startup=KeywordMap@

startup=MBTIPv32@

startup=MBTIUPv32@

startup=Kkeywork@

startup=KKeywork_Up@

startup=bctclte@

startup=msutil@

startup=searchrun@

startup=upsearchrun@

startup=WindowmixUpdate@

startup=pku@

startup=wisepopupUpdate@

startup=pv_inc@

startup=winapp@

startup=Windows Enkrs@

startup=adart@

startup=StickerBox@

startup=managerlinksnb@

startup=snbsearchlink@

startup=signkey@

startup=interplex@

startup=WIDEPOP@

startup=NewsnPop@

startup=iPocket@

startup=Iesearchtool@

startup=skywidgetRun@

startup=SkywidgetUpDates@

startup=Skywidget@

startup=SIDEBAR@

startup=freesetmon@

startup=freeset@

startup=browser_agent@

startup=exaplc@

startup=guardO2@

startup=O2Pop@

startup=O2grd@

startup=poppin@

startup=PoppinSearchUpDates@

startup=PoppinSstartup@

startup=Network_guide@

startup=wkmon@

startup=wordkey@

startup=Criteo@

startup=T-Con@

startup=winopenhelp@

startup=windosearch@

startup=windosearchagent@

startup=windosearchdesk@

startup=openpot_openpot@

startup=WindowsOptimizeUpdate@

startup=WindowsOptimizeUpCh@

startup=smartup@

startup=smartupdate@

startup=splus@

startup=exactlyts@

startup=exactlytsu@

startup=WinCtrCon@

startup=WinCtrProc@

startup=kp@

startup=Wiseman@

startup=WisemanUpdate@

startup=mwfor@

startup=EXTGEAR@

startup=gearextu@

startup=appis.exe@

startup=update.exe@

startup=windowstab_uc@

startup=Windows Cookiemon@


bho={46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}@

bho={CC01FC6C-B2E6-46A2-A8D6-BEB1644C89D4}@

bho={CC01FC6C-194B-40C2-8050-C4123D25F018}@

bho={71B3701C-3A1D-4C67-A2D3-884CB7FB4317}@


secondary=http://newtab.co.kr/@


nae

Posted by Ec0nomist

댓글을 달아 주세요