Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\axctmrw.url
- C:\users\public\axctmrw\axctmrw.exe
- C:\users\public\axctmrw\run.vbs
- C:\users\public\axctmrw\temp.vbs
- 'hh###88.kro.kr':1
- DNS ASK hh###88.kro.kr
- '%WINDIR%\syswow64\cscript.exe' C:\Users\Public\AXCTMRW\temp.vbs