Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'javacx' = '%WINDIR%\javacx.exe'
- <Current directory>\versionif
- <SYSTEM32>\PerfStringBackup.TMP
- <Current directory>\versionif
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'h1#####.dothome.co.kr':80
- h1#####.dothome.co.kr/version.txt
- DNS ASK h1#####.dothome.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'AutoHotkey' WindowName: '<Full path to virus>'