Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '{8wk598gw2-8066-914r-59n2-bti9y0432449}' = '"%TEMP%\server.exe" /**'
- server.exe
- %TEMP%\server.exe
- %TEMP%\server.exe
- 'df###fa.kro.kr':1257
- DNS ASK df###fa.kro.kr
- '%TEMP%\server.exe'