Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Nationalsyl] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Nationalsyl] 'ImagePath' = '<SYSTEM32>\xorvom.exe'
- 'Nationalsyl' <SYSTEM32>\xorvom.exe
- %WINDIR%\syswow64\xorvom.exe
- '10###002.kro.kr':1156
- DNS ASK 10###002.kro.kr
- '%WINDIR%\syswow64\xorvom.exe'