Technical Information
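- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Glxbjdvsd ygvnwn' = '%APPDATA%\Frwxcqlqlptdyf\Ra61tAVmU.url' (autorun entry: values under the per-user Run key are launched at each logon of that user; here the value points to a .url shortcut file rather than directly to an executable)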
- vhqdgjyug.exe
- %APPDATA%\frwxcqlqlptdyf\ra61tavmu.url
- %APPDATA%\frwxcqlqlptdyf\vhqdgjyug.exe
- %TEMP%\dhslahsl.ps1
- %APPDATA%\frwxcqlqlptdyf\ra61tavmu.url
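- 'ha###eol.p-e.kr':2 (host:port; the '###' is presumably redaction in the report, since '#' is not a valid hostname character)
- DNS query (DNS ASK): ha###eol.p-e.kr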
- '%APPDATA%\frwxcqlqlptdyf\vhqdgjyug.exe'
- '%WINDIR%\syswow64\cmd.exe' "%APPDATA%\Frwxcqlqlptdyf\vhqdgjyug.exe"
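- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%TEMP%\\dhslahsl.ps1'" (the command sets the execution policy to Bypass for the current process only, unless the effective policy is already AllSigned, and then runs the script at %TEMP%\dhslahsl.ps1; because no persistent policy setting is changed, this shows up in process command-line and PowerShell script-block logs rather than in the configured execution policy)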