Technical Information
- [<HKLM>\System\CurrentControlSet\Services\safddsafsafsaf] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\safddsafsafsaf] 'ImagePath' = '<SYSTEM32>\bsfnso.exe'
- bsfnso.exe
- %WINDIR%\syswow64\bsfnso.exe
- 'df###fa.kro.kr':9173
- DNS ASK df###fa.kro.kr
- '%WINDIR%\syswow64\bsfnso.exe'