Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'DBGOCodec' = '"%ProgramFiles(x86)%\DBGO Codec\DBGOCodecT.exe" -o'
- %ProgramFiles(x86)%\dbgo codec\dbgocodect.exe
- %ProgramFiles(x86)%\dbgo codec\uninstall.exe
- %TEMP%\nsh16e6.tmp\selfdelete.dll
- C:\delus.bat
- %TEMP%\nsh16e6.tmp\iefunctions.dll
- %TEMP%\nsh16e6.tmp\dllweb.dll
- %TEMP%\nsh16e6.tmp\dllweb.dll
- %TEMP%\nsh16e6.tmp\iefunctions.dll
- %TEMP%\nsh16e6.tmp\selfdelete.dll
- http://lo#.##sence.co.kr/logexp.php?ai############################
- DNS ASK lo#.##sence.co.kr
- ClassName: 'Static' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c \DelUS.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c \DelUS.bat