Information on malware targeting Go-Stop/poker-type games played in PC bangs (Korean PC rooms)

2018-09-14 hummingbird Information on malware targeting Go-Stop/poker-type games played in PC rooms

https://hummingbird.tistory.com/6707


A Korean malware operation targeted public PC-room environments where users played Go-Stop, poker, Baduki, Matgo, Vanilla Game, and related online gambling and card games; the operation's aim was financial gain. The installer or updater dropped syswnt.exe, removed prior components and the SQLSVC service, then contacted a shortened URL that resolved to a Japan-hosted server from which it downloaded sqlservice.exe and GInsert.exe. sqlservice.exe installed itself as the SQLSVC service under Common Files\Services, created additional Windows modules, and launched or injected its activity through Windows Sidebar to hide execution and resist termination. GInsert.exe appeared designed to interfere with Ghost recovery images, while other modules checked for PC-room management software and disabled recovery tools such as Shadow Defender and Norton Ghost to improve persistence. The malware's apparent purpose was to join targeted game rooms, inspect opponents' cards, and raise win rates in order to acquire in-game money.

Indicators of Compromise
