Technical Information
- [<HKLM>\System\CurrentControlSet\Services\IE Pluginycx] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\IE Pluginycx] 'ImagePath' = '<SYSTEM32>\pgplg.exe.'
- ClassName: 'Regmonclass', WindowName: ''
- ClassName: 'Filemonclass', WindowName: ''
- <Current directory>\sxef13d.tmp
- <Current directory>\sxef13c.tmp
- <Current directory>\sxef1bb.tmp
- %TEMP%\server.exe
- %WINDIR%\syswow64\pgplg.exe
- <Current directory>\sxef13d.tmp
- <Current directory>\sxef13c.tmp
- <Current directory>\sxef1bb.tmp
- 'da####ang.0pe.kr':1233
- DNS ASK da####ang.0pe.kr
- ClassName: '4823-00000029' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- '<Current directory>\sxef1bb.tmp'
- '%TEMP%\server.exe'
- '%WINDIR%\syswow64\pgplg.exe'