Network Application Express 애드웨어는 LuckyTool, SubShop, DreamPrime 등의 다수의 변종 내지는 변칙적인 애드웨어를 유포한 조직의 후속작으로 확인이 되고 있다. 이들은 아래와 같이 소수의 변종을 유포하고 있으며, 광고를 원하는 회사, 사이트와의 제휴에 따라 추가적인 변종을 생성 및 유포할 것으로 보인다.
검색 도우미 : Network Application Express - Jabra
검색 도우미 : Network Application Express - Transfer
검색 도우미 : Network Application Express - Kakaru
검색 도우미 : Network Application Express - Godzilla
검색 도우미 : Network Application Express - Firebase
뭐 자세한건 벌새님이 다 작성하셨으니 패스하고, 본 글에서는 Network Application Express 애드웨어가 사용하는 암호화된 값이 저장되어져 있는 php 파일을 Decrypt한 내용만을 올리고자 한다. 대략 요약하면 광고 행위 수행에 필요한 사이트 및 값 로드 , 경쟁사 애드웨어 프로그램 제거, 각종 분석도구 및 (주)이스트소프트 체크잇 체크 정도로 이해해주면 될 것 같다.
nao.php
run=1#1#1#1#1#0#1#0@
cpc=test#cpc.dll#MainStart#CloseMain#0@
dll=smartpush#smartpush.dll#InitAdModule#CloseADModule#1@
dll=clickpop#clickpop.dll#InitAdModule#CloseADModule#0@
time=5000#1000#1000#5000#5000@
day=1@
nae
nar.php - 프로그램 및 프로세스, 캡션(클래스?) 체크 리스트
run=1#1#1@
program=C:\Program Files\Microsoft Visual Studio 11.0@
program=C:\Program Files\Microsoft Visual Studio 12.0@
program=C:\Program Files\Microsoft Visual Studio 13.0@
program=C:\Program Files\Microsoft Visual Studio 14.0@
program=C:\Program Files (x86)\Microsoft Visual Studio 11.0@
program=C:\Program Files (x86)\Microsoft Visual Studio 12.0@
program=C:\Program Files (x86)\Microsoft Visual Studio 13.0@
program=C:\Program Files (x86)\Microsoft Visual Studio 14.0@
program=C:\Program Files (x86)\NSIS@
program=C:\Program Files (x86)\Microsoft SDKs@
program=C:\Program Files\ESTsoft\CheckIt@
process=skywidgeter.exe@
process=snoopspy.exe@
process=wireshark.exe@
process=taskmgr.exe@
process=fiddler.exe@
process=spyxx.exe@
process=rpcapd.exe@
process=CheckIt.exe@
process=mmc.exe@
process=bdcam.exe@
process=ALCapture.exe@
process=Kalmuri.exe@
caption=Fiddler@
caption=SnoopSpy@
caption=Wireshark@
caption=Spy++@
nae
nad.php - Network Application Express 사이트들
http://schemeexpress.com@
http://likesearch.co.kr@
http://hubsexpress.com@
http://subme.co.kr@
http://networek.com@
http://netwoquk.com@
http://newlike.co.kr@
http://veinonline.com@
http://clientprocess.net@
http://myestuary.com@
http://s7ream.com@
http://causalagency.com@
http://showlike.co.kr@
http://myirritant.com@
http://semanticrole.com@
http://whaleonline.net@
http://hoased.com@
http://hostofnieces.com@
http://museumhosts.com@
http://hostsfrance.com@
http://bizguy.co.kr@
http://novellonline.com@
http://mynovell.com@
http://globetheta.net@
http://livebuy.co.kr@
http://allyahoo.com@
http://myamazoncom.com@
http://systemofrules.com@
http://sys73m.com@
http://izara.co.kr@
http://allframework.com@
http://twoys.net@
http://operamoon.net@
http://comicmon.net@
http://mycodomain.com@
http://iplayshop.co.kr@
http://fassed.com@
http://pinggroup.net@
http://pingguide.com@
http://sidelink.co.kr@
http://shoprobbery.com@
http://pollshows.com@
http://mycosine.com@
http://liketravel.co.kr@
http://mentoonline.com@
http://goodkey.co.kr@
http://workforceto.com@
http://volunteersto.com@
http://whogroup.net@
nas.php - 광고 리스트
url=escrow.gmarket.co.kr@
url=search.gmarket.co.kr@
url=category.gmarket.co.kr@
url=signinssl.gmarket.co.kr@
url=11st.co.kr/html/bestSellerMain@
url=11st.co.kr/product@
url=deal.11st.co.kr@
url=buy.11st.co.kr/pay/OrderInfoAction.tmall@
url=login.11st.co.kr@
url=search.11st.co.kr@
url=11st.co.kr/html/category@
url=corners.auction.co.kr@
url=itempage3.auction.co.kr@
url=ssl.auction.co.kr@
url=member.auction.co.kr@
url=search.auction.co.kr@
url=auction.co.kr/category@
url=through.auction.co.kr@
url=buy.auction.co.kr@
url=gsshop.com/deal@
url=gsshop.com/customer@
url=gsshop.com/prd@
url=gsshop.com/cart@
url=gsshop.com:444@
url=cjmall.com/prd@
url=cjmall.com/login@
url=cjmall.com/order@
url=hyundaihmall.com/front/pda@
url=hyundaihmall.com/front/cob@
url=hyundaihmall.com/front/odb@
url=kyobobook.co.kr/product@
url=order.kyobobook.co.kr/cart@
url=order.kyobobook.co.kr/order@
url=shinsegaemall.ssg.com/item@
url=member.ssg.com/member/popup@
url=pay.ssg.com/cart/@
url=pay.ssg.com/order@
url=emart.ssg.com/item@
url=member.ssg.com/member/popup@
url=pay.ssg.com/cart@
url=pay.ssg.com/nodcsnOrder@
url=lotte.com/coop@
url=lotte.com/goods@
url=lotte.com/cart@
url=lotte.com/order@
url=cjonmart.net/shopping@
url=cjonmart.net/login@
url=kshop.co.kr/category@
url=kshop.co.kr/display@
url=kshop.co.kr/customer/login@
url=immall.co.kr/goods@
url=immall.co.kr/login@
url=immall.co.kr/cart@
url=wizwid.com/CSW/handler/wizwid/kr/Login@
url=wizwid.com/CSW/handler/wizwid/kr/ShopProduct@
url=wizwid.com/CSW/handler/wizwid/kr/Basket@
url=99flower.co.kr@
url=99flower.co.kr/prog/member@
url=99flower.co.kr/prog/shopping@
url=gabangpop.co.kr/app/product@
url=gabangpop.co.kr/app/membership@
url=gabangpop.co.kr/app@
url=gabangpop.co.kr/app/order@
url=louisclub.com/fr/product@
url=louisclub.com/fr/manager@
url=louisclub.com/fr/order@
url=shoemarker.co.kr/home@
url=shoemarker.co.kr/home/member@
url=shoemarker.co.kr/home/cart@
url=shoemarker.co.kr/home/order@
url=needscom.com/shop@
url=needscom.com/bbs@
url=selstar.co.kr/shop/shopdetail.html?branduid@
url=selstar.co.kr/shop@
url=e-himart.co.kr/app@
url=secure.e-himart.co.kr/app@
url=secure.e-himart.co.kr/app/order@
url=lotteimall.com/goods@
url=lotteimall.com/member/login@
url=lotteimall.com/cart@
url=secure.lotteimall.com/order@
url=akmall.com/goods@
url=akmall.com/login/@
url=akmall.com/order@
url=galleria.co.kr/item@
url=galleria.co.kr/auth@
url=galleria.co.kr/cart@
url=galleria.co.kr/order@
url=ggbc.co.kr/goods@
url=ggbc.co.kr/member@
url=ggbc.co.kr/order@
url=moulian.com/shop/shopdetail@
url=moulian.com/shop/member@
url=moulian.com/shop/basket@
url=moulian.com/shop/order@
url=dailymonday.com/shop/shopdetail@
url=dailymonday.com/shop/member@
url=dailymonday.com/shop/basket@
url=dailymonday.com/shop/order@
url=letzgo.co.kr/member/loginForm@
url=allcredit.co.kr@
url=nsmall.com/ProductDisplay?cate2Code@
url=nsmall.com/LogonPopForm?catalogId@
url=nsmall.com/AjaxOrderItemDisplayView@
url=nsmall.com/NSOrderSheet@
url=mall.epost.go.kr/goods.RetrieveEcGoodsDetailInfo.mall@
url=epost.go.kr//usr/login@
url=mall.epost.go.kr/purchase.sbox.RetrieveAllGoods.mall@
url=mall.epost.go.kr/purchase.sbox.RetrieveCart.mall@
url=babosarang.co.kr/product@
url=babosarang.co.kr/login@
url=babosarang.co.kr/cart@
url=babosarang.co.kr/cart@
url=boribori.co.kr/Detail?PrstCd@
url=member.boribori.co.kr/Login@
url=boribori.co.kr/Shopping@
url=boribori.co.kr/Order@
url=muindomall.co.kr/muindo/goods@
url=muindomall.co.kr/muindo/member@
url=lovetoky.co.kr/content@
url=bananamall.co.kr/shopping@
url=bananamall.co.kr/home@
url=bananamall.co.kr/menu@
url=bananamall.co.kr/shopping@
url=sangdogagu.co.kr/shop@
url=halfclub.com/Detail@
url=member.halfclub.com/Login@
url=halfclub.com/Shopping@
url=halfclub.com/Order@
url=ogage.co.kr/Detail@
url=member.ogage.co.kr/login@
url=ogage.co.kr/Cart@
url=ogage.co.kr/Order@
url=fashionplus.co.kr/mall/goods@
url=fashionplus.co.kr/mall/login@
url=fashionplus.co.kr/mall/member@
url=istyle24.com/Display@
url=istyle24.com/PopUp@
url=istyle24.com/Order@
url=store.musinsa.com/app@
url=musinsa.com/index.php@
url=outdous.halfclub.com/Detail@
url=member.halfclub.com/Login@
url=outdous.halfclub.com/Shopping@
url=outdous.halfclub.com/Order@
url=expedia.co.kr/user@
url=expedia.co.kr/scratchpad@
url=expedia.co.kr/HotelCheckout@
url=bandinlunis.com/front/product@
url=bandinlunis.com/front/formLogin@
url=bandinlunis.com/front/order@
url=gabia.com/login@
url=domain.gabia.com@
url=webhosting.gabia.com@
url=idc.gabia.com@
url=biz.gabia.com@
url=freehome.gabia.com/service@
url=leadcorp.co.kr@
url=babilloan.com@
url=edu.jungchul.com/campus@
url=jungchul.com/jungchulWeb/Membership@
url=edu.jungchul.com/mypage@
url=edu.jungchul.com/app@
url=ticketmonster.co.kr/deallist@
url=ticketmonster.co.kr/deal@
url=login.ticketmonster.co.kr@
url=order.ticketmonster.co.kr@
url=njoyny.com@
url=xkeeper.com@
url=flower365.com@
url=study4you.co.kr@
url=reportbada.co.kr@
url=bondisk.co.kr@
url=applefile.com@
url=yesfile.com@
url=filedok.com@
url=filejo.com@
url=lottorich.co.kr@
url=xxxshop.co.kr@
cookie=gmarket.co.kr#jaehuid=200004796#jaehu_200004796_id=0zLFLZLNUL@
cookie=11st.co.kr#XSITE=1000840394#XSITE_DETAIL=0zLFLZLNUL@
cookie=auction.co.kr#BN00138973@
cookie=gsshop.com#0zLFLZLNUL@
cookie=cjmall.com#0zLFLZLNUL@
cookie=shinsegaemall.ssg.com#CKWHERE=s_ilikeclick#D0000001591@
cookie=emart.ssg.com#CKWHERE=ilikeclick#D0000000342@
cookie=lotte.com#CHLNO=145631#CHLDTLNO=2913637@
cookie=kshop.co.kr#c_a_id=0zLFLZLNUL@
cookie=ticketmonster.co.kr#a_id=0zLFLZLNUL@
target=emart.ssg.com#http://cl.ilikeclick.com/?dts_code=100280476520473826000022740000000000000@
target=11st.co.kr#http://click.dotmap.co.kr/?pf_code=100014100730100261@
target=hyundaihmall.com#http://click.dotmap.co.kr/?pf_code=100044100730100278@
target=kyobobook.co.kr#http://click.dotmap.co.kr/?pf_code=100049100730100283@
target=cjonmart.net#http://click.dotmap.co.kr/?pf_code=100032100730100266@
target=immall.co.kr#http://click.dotmap.co.kr/?pf_code=100271100730100596@
target=wizwid.com#http://cl.ilikeclick.com/?dts_code=100543876520473826000022740000000000000@
target=99flower.co.kr#http://cl.ilikeclick.com/?dts_code=100817096520473826000022740000000000000@
target=gabangpop.co.kr#http://cl.ilikeclick.com/?dts_code=101326106520473826000022740000000000000@
target=louisclub.com#http://cl.ilikeclick.com/?dts_code=101997501220473826000060391200000000000@
target=shoemarker.co.kr#http://cl.ilikeclick.com/?dts_code=102145106520473826000022740000000000000@
target=moulian.com#http://cl.ilikeclick.com/?dts_code=101302496520473826000022740000000000000@
target=dailymonday.com#http://cl.ilikeclick.com/?dts_code=101973106520473826000022740000000000000@
target=selstar.co.kr#http://cl.ilikeclick.com/?dts_code=102143726520473826000022740000000000000@
target=needscom.com#http://cl.ilikeclick.com/?dts_code=100773096520473826000022740000000000000@
target=e-himart.co.kr#http://cl.ilikeclick.com/?dts_code=101285296520473826000022740000000000000@
target=allcredit.co.kr#http://cl.ilikeclick.com/?dts_code=101434906520473826000022740000000000000@
target=ggstory.com#http://cl.ilikeclick.com/?dts_code=102127916520473826000022740000000000000@
target=nsmall.com#http://cl.ilikeclick.com/?dts_code=100084636520473826000022740000000000000@
target=lotteimall.com#http://cl.ilikeclick.com/?dts_code=100160631220473826000060391200000000000@
target=akmall.com#http://cl.ilikeclick.com/?dts_code=100226276520473826000022740000000000000@
target=shinsegaemall.ssg.com#http://cl.ilikeclick.com/?dts_code=100278676520473826000022740000000000000@
target=emart.ssg.com#http://cl.ilikeclick.com/?dts_code=100280476520473826000022740000000000000@
target=mall.epost.go.kr#http://cl.ilikeclick.com/?dts_code=100364906520473826000022740000000000000@
target=galleria.co.kr#http://cl.ilikeclick.com/?dts_code=101542906520473826000022740000000000000@
target=lotte.com#http://cl.ilikeclick.com/?dts_code=101638306520473826000022740000000000000@
target=babosarang.co.kr#http://cl.ilikeclick.com/?dts_code=102159106520473826000022740000000000000@
target=ggbc.co.kr#http://cl.ilikeclick.com/?dts_code=102192906520473826000022740000000000000@
target=boribori.co.kr#http://cl.ilikeclick.com/?dts_code=101043696520473826000022740000000000000@
target=letzgo.co.kr#http://cl.ilikeclick.com/?dts_code=102550106520473826000022740000000000000@
target=muindomall.co.kr#http://cl.ilikeclick.com/?dts_code=101121306520473267000022740000000000000@
target=lovetoky.co.kr#http://cl.ilikeclick.com/?dts_code=101252706520473826000022740000000000000@
target=bananamall.co.kr#http://cl.ilikeclick.com/?dts_code=101268106520473826000022740000000000000@
target=sangdogagu.co.kr#http://cl.ilikeclick.com/?dts_code=100836306520473826000022740000000000000@
target=halfclub.com#http://cl.ilikeclick.com/?dts_code=100175696520473826000022740000000000000@
target=ogage.co.kr#http://cl.ilikeclick.com/?dts_code=100597086520473826000022740000000000000@
target=fashionplus.co.kr#http://cl.ilikeclick.com/?dts_code=100820106520473826000022740000000000000@
target=istyle24.com#http://cl.ilikeclick.com/?dts_code=100919896520473826000022740000000000000@
target=musinsa.com#http://cl.ilikeclick.com/?dts_code=102013516520473826000022740000000000000@
target=seantree.co.kr#http://cl.ilikeclick.com/?dts_code=101959506520473826000022740000000000000@
target=outdous.halfclub.com#http://cl.ilikeclick.com/?dts_code=101515386520473826000022740000000000000@
target=expedia.co.kr#http://cl.ilikeclick.com/?dts_code=102035506520473826000022740000000000000@
target=bandinlunis.com#http://cl.ilikeclick.com/?dts_code=101502116520473826000022740000000000000@
target=gabia.com#http://cl.ilikeclick.com/?dts_code=100552491220473826000060391200000000000@
target=leadcorp.co.kr#http://cl.ilikeclick.com/?dts_code=101012896520473826000022740000000000000@
target=babilloan.com#http://cl.ilikeclick.com/?dts_code=101233496520473826000022740000000000000@
target=jungchul.com#http://cl.ilikeclick.com/?dts_code=102549706520473826000022740000000000000@
target=njoyny.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=njoyny&m_num=211234@
target=xkeeper.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=xkeeper&m_num=161554@
target=flower365.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=flower365&m_num=172484@
target=study4you.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=study4you&m_num=119221@
target=reportbada.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=reportbada&m_num=182998@
target=allcredit.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=allcredit01&m_num=166055@
target=bondisk.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=bondisk&m_num=204937@
target=applefile.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=applefile&m_num=221372@
target=yesfile.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=yesfile&m_num=204899@
target=filedok.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=filedok&m_num=211181@
target=filejo.com#http://click.interich.com?a_id=nae6&a_num=1&m_id=filejo&m_num=211167@
target=lottorich.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=lsinfo&m_num=144568@
target=xxxshop.co.kr#http://click.interich.com?a_id=nae6&a_num=1&m_id=jjang12&m_num=204581@
nae
nav.php - 특정 사이트 접속시 휴대폰 로그인 보호 서비스 연결(소액결제)
boot=0#naver.com#5000#0@
url=npg.tgcorp.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_002#2@
url=nxpay.nexon.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=027_001#2@
url=checkplus.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_001#2@
url=ipin.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_001#2@
url=mcharge.mgame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=028_003#2@
url=payment.gnjoy.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=034_001#2@
url=tx.allatpay.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=021_001#2@
url=teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_001#2@
url=pg.billgate.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=002_003#2@
url=pay.billgate.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=002_002#2@
url=ok-name.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=022_001#2@
url=secure.plaync.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=031_002#2@
url=charge.joycity.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=035_001#2@
url=pg.dacom.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=015_002#2@
url=kspay.ksnet.to#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=016_002#2@
url=cash.gametree.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=030_001#2@
url=pay.neowiz.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=026_002#2@
url=mobilecheck.mecross.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=020_001#2@
url=smilepay.ebay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=010_001#2@
url=bill.hangame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=025_001#2@
url=safe.ok-name.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=022_002#2@
url=nbill.netmarble.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=032_001#2@
url=epay.ncsoft.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=031_003#2@
url=mcerti.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=017_001#2@
url=check.namecheck.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_005#2@
url=billgate.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=002_001#2@
url=ipin.ok-name.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=022_003#2@
url=cert.namecheck.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_004#2@
url=vno.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_006#2@
url=aname.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_005#2@
url=cert.impay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=024_001#2@
url=sign.mgame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=028_002#2@
url=nts.checkplus.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_003#2@
url=kmcert.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=006_001#2@
url=cert.a-check.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=009_001#2@
url=wauth.teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_004#2@
url=pg.mnbank.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=018_001#2@
url=web.teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_002#2@
url=bill.mgame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=028_001#2@
url=mup.mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_006#2@
url=kcp.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=008_001#2@
url=pg.ksnet.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=016_001#2@
url=auth.mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_007#2@
url=ncoin.plaync.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=031_006#2@
url=cert.kcp.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=008_003#2@
url=secure.nuguya.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_008#2@
url=ui.teledit.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=001_003#2@
url=pg.mcash.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_005#2@
url=member.gnjoy.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=034_002#2@
url=xpay.lgdacom.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=015_001#2@
url=cert.vno.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_007#2@
url=bill.hanbiton.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=033_004#2@
url=pay.paytok.net#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=011_001#2@
url=member.nexon.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=027_002#2@
url=pay.bluepay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=014_001#2@
url=nice.checkplus.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=005_002#2@
url=members.hangame.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=025_002#2@
url=mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_001#2@
url=auth.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_004#2@
url=pay.kcp.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=008_002#2@
url=paypin.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=024_002#2@
url=renew.signgate.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=013_001#2@
url=name.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_002#2@
url=pcc.siren24.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=003_003#2@
url=ssl.daoupay.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=023_001#2@
url=mobile-ok.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=007_001#2@
url=pay.tgcorp.com#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_003#2@
url=mcash.mobilians.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=004_004#2@
url=vpay.co.kr#http://www.dbfactory.kr/tad/dbfactory.php?uid=25&url_code=012_001#2@
nae
nak.php -> 특정 환경에서 작동할 것으로 추정. 경쟁사 프로그램 제거
run=1#1#1#1#1#1#1@
day=2@
process=skywidgeter.exe@
process=Natesearch.exe@
process=topsadon.exe@
process=topsadonagent.exe@
process=webbora.exe@
process=topsadon1c.exe@
process=b_signkeyex.exe@
process=windgdoc.exe@
process=windoguide.exe@
process=windoguideagent.exe@
process=windowstab.exe@
process=wuu.exe@
process=matchtab.exe@
process=smartsearch.exe@
process=wshost.exe@
process=OneTrip.exe@
process=WIESM.exe@
process=popfreeka.exe@
process=gameplaysh.exe@
process=camsv.exe@
process=camhost.exe@
process=camhostmon.exe@
process=camhostupdate.exe@
process=infosearch.exe@
process=smartrun.exe@
process=srhost.exe@
process=happ.exe@
process=microadpop.exe@
process=a_searchlikeex.exe@
process=b_searchlikeex.exe@
process=minilmon.exe@
process=scmon.exe@
process=smartcam.exe@
process=QadPop.exe@
process=QadUpdateService.exe@
process=browser_manager.exe@
process=browser_managers.exe@
process=iCreamService.exe@
process=OutTab.exe@
process=linkguide.exe@
process=smarti.exe@
process=aplink.exe@
process=Lemon.exe@
process=SmartAddress.exe@
process=SmartAddress64.exe@
process=AFlashPlugin.exe@
process=admsvc.exe@
process=BAGuard.exe@
process=baple.exe@
process=BAUpdate.exe@
process=allkt.exe@
process=allkts.exe@
process=TopSpace10Helper.exe@
process=TopSpace10Service.exe@
process=KeywordMap.exe@
process=MBTIPv32.exe@
process=MBTIUPv32.exe@
process=KKeywork.exe@
process=KKeywork_Up.exe@
process=bctclte.exe@
process=msutil.exe@
process=searchrun.exe@
process=upSearchRun.exe@
process=Windowmix.exe@
process=WindowmixUp.exe@
process=wizbiz.exe@
process=wzMon.exe@
process=wskpfcitar.exe@
process=wskpfcitav.exe@
process=pku.exe@
process=wisepopup.exe@
process=wisepopupUpdate.exe@
process=searchlike.exe@
process=searchlikeexb.exe@
process=searchlikeexc.exe@
process=PopClick.exe@
process=pvinc.exe@
process=upvinc.exe@
process=winapp.exe@
process=enkrs.exe@
process=upenkrs.exe@
process=adart.exe@
process=adartex.exe@
process=StickerBox.exe@
process=snbsearch.exe@
process=snbsearchlink.exe@
process=AllKT.exe@
process=signkeyexb.exe@
process=InterPlex.exe@
process=widepop.exe@
process=NewsnPop.exe@
process=iPocket.exe@
process=IEsearchtool.exe@
process=opk.exe@
process=opkagent.exe@
process=newsplus.exe@
process=smartshoper.exe@
process=wsinfurnisr.exe@
process=wsinfurnisv.exe@
process=starad.exe@
process=skywidget.exe@
process=skywidgeted.exe@
process=skywidgets.exe@
process=SbToolN.exe@
process=Hellopop.exe@
process=plusmat.exe@
process=plusvc.exe@
process=savepop.exe@
process=savepopagent.exe@
process=sidebar.exe@
process=sidebars.exe@
process=sbbrpqvum.exe@
process=tstjet.exe@
process=tstsvc.exe@
process=NEWSPOT.exe@
process=searchlikeexa.exe@
process=srvwebbora.exe@
process=fsControlB.exe@
process=browser_agent.exe@
process=browser_agents.exe@
process=exaplc.exe@
process=O2Guard.exe@
process=O2Update.exe@
process=OnOffPop.exe@
process=isaclt.exe@
process=isasvc.exe@
process=poppin.exe@
process=poppind.exe@
process=poppins.exe@
process=popupcom.exe@
process=Network_guide.exe@
process=Network_guides.exe@
process=wscnvcsr.exe@
process=wscnvcsv.exe@
process=wsifvelr.exe@
process=wsifvelv.exe@
process=TopToolN.exe@
process=AutoDBRead.exe@
process=wblinkies.exe@
process=weblinkup.exe@
process=navipex.exe@
process=navipn.exe@
process=svcnavipwin.exe@
process=wdrnavipsvc.exe@
process=ieplusse.exe@
process=WindowsUCFAdAgent.exe@
process=userconfigwindow.exe@
process=wnpugter.exe@
process=wnpugtev.exe@
process=wk_.exe@
process=wkmon.exe@
process=wkp.exe@
process=criteo_pullzip.exe@
process=T-Con.exe@
process=winadopen.exe@
process=spacead.exe@
process=SpaceAdSv.exe@
process=ORUM.exe@
process=OrumMon.exe@
process=window connector.exe@
process=qlauncher.exe@
process=quicktec.exe@
process=SmartWeb.exe@
process=SmartWebAgent.exe@
process=smarttab.exe@
process=smarttabsvc.exe@
process=IEsearchhelp.exe@
process=windosearchagent.exe@
process=windosearchdesk.exe@
process=InbToolN.exe@
process=openpot.exe@
process=WindowsOptimizeS.exe@
process=WindowsOptimizeUp.exe@
process=WindowsOptimizeUpch.exe@
process=winlogo.exe@
process=smartup.exe@
process=smartupdate.exe@
process=SpeedUtil.exe@
process=shoplus.exe@
process=signkey.exe@
process=signkeyexa.exe@
process=TopbTool.exe@
process=exactly.exe@
process=exactlyu.exe@
process=Network_Modus.exe@
process=Network_ModusService.exe@
process=WinCtrCon.exe@
process=WinCtrProc.exe@
process=ADFORCE.exe@
process=SwTool.exe@
process=InwTool.exe@
process=dreamsvc.exe@
process=SLEsperant.exe@
process=SmartPush.exe@
process=SmartPushUpdater.exe@
process=KeyPle.exe@
process=KeyPleUpdater.exe@
process=keypang.exe@
process=serkle.exe@
process=windowsph.exe@
process=windowsphup.exe@
process=Wiseman.exe@
process=WisemanUpdate.exe@
process=wmsn.exe@
process=wmforupdater.exe@
process=newtab.exe@
process=clickup.exe@
process=ieclickup.exe@
process=iesupporter_se.exe@
process=plustabs.exe@
process=plustabsvc.exe@
process=SearchClickDemon.exe@
process=SearchClickMain.exe@
process=SearchClickService.exe@
process=TopHard.exe@
process=gearext.exe@
process=gearexts.exe@
process=gearextu.exe@
process=gemegoput.exe@
process=windowunitpop.exe@
process=windowadvertisement.exe@
process=SmartTip.exe@
process=SmartTipAgent.exe@
process=appis.exe@
process=update.exe@
process=winprovider.exe@
process=winproviders.exe@
process=WiseRunServ.exe@
process=WRUGmon.exe@
process=scun.exe@
process=nskCapp.exe@
process=taskobv.exe@
process=Pccom.exe@
process=PccomUpdate.exe@
process=powersearch.exe@
process=TSLIDE.exe@
process=WRChecker.exe@
process=wrAccess.exe@
process=ckmon.exe@
process=hscmd.exe@
process=qlog.exe@
process=SalesUp.exe@
process=SalesUpMon.exe@
service=srvwebwg@
service=windowstab_mon@
service=MicroSearch Mapping Agents Program@
service=Application IPHelper Service@
service=mctcvwwvvrm@
service=gameplaySV@
service=camsvmonService@
service=camhostmonservice@
service=scmonService@
service=Qad Update Service@
service=browser_managers@
service=allkts@
service=wzMonService@
service=wskpfcitav32@
service=wsinfurnisv32@
service=plusmat@
service=sbbrpqvum@
service=tstsvc32@
service=browser_agents@
service=isasvc32@
service=Network_guides@
service=wscnvcsv32@
service=wsifvel32@
service=Navipop Service@
service=Windows Navipop Diagnostics Service@
service=ieplusService@
service=ieplus Update Service@
service=wnpugtev32@
service=SpaceAdSv@
service=OrumMonService@
service=window connectors@
service=STRunS@
service=Network_ModusService@
service=dreamsv@
service=iesupporter Update Service@
service=plustabs@
service=SearchClick@
service=gemegoput@
service=wppwttssom@
service=WindowsWRMonitoringService@
service=Windows WiseRun Service@
taskschd=mctcvwwvvr@
taskschd=mctcvwwvvrs@
taskschd=mainmctcvwwvvrs@
taskschd=mctcvwwvvrmain@
taskschd=WIESM@
taskschd=Popfreeka@
taskschd=Microadpop@
taskschd=SMARTADDRESS@
taskschd=PopClick@
taskschd=interplex@
taskschd=OKSTART@
taskschd=WindowsStar@
taskschd=swgWin@
taskschd=SkyWidgetSystem@
taskschd=plusmat@
taskschd=Savepop@
taskschd=sbbrpqvus@
taskschd=agentc@
taskschd=agentj@
taskschd=agentu@
taskschd=WinPPins@
taskschd=SystemPoppinS@
taskschd=SWSTART@
taskschd=smartup@
taskschd=smartupdate@
taskschd=SmartPush@
taskschd=Keyple@
taskschd=gesegoput@
taskschd=WindowAdvertisement@
taskschd=STSTART@
taskschd=AppIs@
taskschd=AppIsUpdate@
taskschd=wppwttssos@
taskschd=Pccom@
taskschd=PrimePC@
registry=signkey@
registry=windgdoc@
registry=windgdou@
registry=windoguide@
registry=windoguideagent@
registry=windoguideopt@
registry=WINDOWSTAB_UC@
registry=wuu@
registry=MATCHTAB@
registry=SmartwordChecker@
registry=infosearch@
registry=SmartLauncher@
registry=HappManager@
registry=searchlike@
registry=SmartPage@
registry=MiniLauncher@
registry=QadPop.exe@
registry=browser_manager@
registry=iCreamService@
registry=OutTab@
registry=DTDCert@
registry=ADPlayLink@
registry=IpAgent@
registry=AFlashPlugin@
registry=admsvc@
registry=Bagrd@
registry=TopSpace10@
registry=KeywordMap@
registry=MBTIPv32@
registry=Kkeywork@
registry=bctclte@
registry=searchrun@
registry=WindowmixUpdate@
registry=pk@
registry=pv_inc@
registry=winapp@
registry=Windows Enkrs@
registry=adart@
registry=StickerBox@
registry=managerlinksnb@
registry=interplex@
registry=WIDEPOP@
registry=NewsnPop@
registry=iPocket@
registry=Iesearchtool@
registry=newsplus@
registry=smartshoper.exe@
registry=Skywidget@
registry=skywidget@
registry=SbToolN@
registry=Hellopop@
registry=SIDEBAR@
registry=NEWSPOT@
registry=freeset@
registry=browser_agent@
registry=guardO2@
registry=popupcom@
registry=Network_guide@
registry=TopToolN@
registry=AutoDBRead@
registry=iniweblink@
registry=wordkey@
registry=wkmon@
registry=Criteo@
registry=openhelp@
registry=winopen@
registry=window connector@
registry=quicktec@
registry=Iesearchhelp@
registry=windosearch@
registry=InbToolN@
registry=openpot_openpot@
registry=smartup@
registry=SpeedUtil@
registry=splus@
registry=TopbTool@
registry=exactlyts@
registry=Network_Modus@
registry=WinCtrCon@
registry=WinCtrProc@
registry=ADFORCE@
registry=SwTool@
registry=InwTool@
registry=kp@
registry=searchgoosg@
registry=WINDOWPURCHASE_UC@
registry=mwfor@
registry=newtab@
registry=clickup@
registry=SearchClick@
registry=TopHard@
registry=EXTGEAR@
registry=windowunitpop@
registry=appis.exe@
registry=WiseRunUGm@
registry=WiseRunMonitor@
registry=WiseRunAccess@
registry=RetainGard@
registry=Longan@
registry=nskCapp@
registry=powersearch@
registry=topsadon@
registry=topsadonagent@
registry=WiseRunChecker@
registry=topsadon1u@
registry=topsadonc@
registry=TSLIDE@
registry=Windows Cookiemon@
startup=windowstab@
startup=SmartwordChecker@
startup=infosearch@
startup=topsadon@
startup=topsadonagent@
startup=SmartLauncher@
startup=HappManager@
startup=searchlike@
startup=MiniLMonitor@
startup=QadPop.exe@
startup=browser_manager@
startup=iCreamService@
startup=OutTab@
startup=LinkGuide@
startup=SmartInfo@
startup=ADPlayLink@
startup=IpAgent@
startup=AFlashPlugin@
startup=guardba@
startup=Bagrd@
startup=BAPop@
startup=TopSpace10@
startup=KeywordMap@
startup=MBTIPv32@
startup=MBTIUPv32@
startup=Kkeywork@
startup=KKeywork_Up@
startup=bctclte@
startup=msutil@
startup=searchrun@
startup=upsearchrun@
startup=WindowmixUpdate@
startup=pku@
startup=wisepopupUpdate@
startup=pv_inc@
startup=winapp@
startup=Windows Enkrs@
startup=adart@
startup=StickerBox@
startup=managerlinksnb@
startup=snbsearchlink@
startup=signkey@
startup=interplex@
startup=WIDEPOP@
startup=NewsnPop@
startup=iPocket@
startup=Iesearchtool@
startup=skywidgetRun@
startup=SkywidgetUpDates@
startup=Skywidget@
startup=SIDEBAR@
startup=freesetmon@
startup=freeset@
startup=browser_agent@
startup=exaplc@
startup=guardO2@
startup=O2Pop@
startup=O2grd@
startup=poppin@
startup=PoppinSearchUpDates@
startup=PoppinSstartup@
startup=Network_guide@
startup=wkmon@
startup=wordkey@
startup=Criteo@
startup=T-Con@
startup=winopenhelp@
startup=windosearch@
startup=windosearchagent@
startup=windosearchdesk@
startup=openpot_openpot@
startup=WindowsOptimizeUpdate@
startup=WindowsOptimizeUpCh@
startup=smartup@
startup=smartupdate@
startup=splus@
startup=exactlyts@
startup=exactlytsu@
startup=WinCtrCon@
startup=WinCtrProc@
startup=kp@
startup=Wiseman@
startup=WisemanUpdate@
startup=mwfor@
startup=EXTGEAR@
startup=gearextu@
startup=appis.exe@
startup=update.exe@
startup=windowstab_uc@
startup=Windows Cookiemon@
bho={46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}@
bho={CC01FC6C-B2E6-46A2-A8D6-BEB1644C89D4}@
bho={CC01FC6C-194B-40C2-8050-C4123D25F018}@
bho={71B3701C-3A1D-4C67-A2D3-884CB7FB4317}@
secondary=http://newtab.co.kr/@
nae
'애드웨어 정보' 카테고리의 다른 글
Network Application Express의 비밀? (0) | 2016.09.13 |
---|---|
Windows Internet Explorer Smart Service 삭제 및 제거 정보 (0) | 2016.09.06 |
Network Application Express 삭제 및 제거 정보 (0) | 2016.08.12 |
TSLIDE(티슬라이드) 삭제 및 제거 정보 (0) | 2016.08.10 |
Windows Smart Search 삭제 및 제거 정보 (0) | 2016.07.14 |
OneTrip 삭제 및 제거 정보 (0) | 2016.06.15 |
댓글을 달아 주세요