Technical Information
Autorun (Run key) values: the same value name and target path appear under both the per-user and the machine-wide hive:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{AB1F3E47-AEF1-400E-A108-233A046C3A34}' = '%PROGRAMDATA%\BVDR\KmNode64I'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{AB1F3E47-AEF1-400E-A108-233A046C3A34}' = '%PROGRAMDATA%\BVDR\KmNode64I'
- %WINDIR%\explorer.exe
- %PROGRAMDATA%\bvdr\kmnode64i
- %TEMP%\{0881a137-dc87-42ee-87e0-7e45d61e5594}
- %TEMP%\{0881a137-dc87-42ee-87e0-7e45d61e5594}
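Network activity (the "####" in the host name is reproduced as it appears in this report):
- 'as####udjwaj.kro.kr':5647 (host:port)
- DNS query (DNS ASK) for as####udjwaj.kro.kr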
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\explorer.exe'