Technical Information
- '<SYSTEM32>\rundll32.exe' shell32.dll,ShellExec_RunDLL %LOCALAPPDATA%\Temp9uij23hnguiseghwfgj8932hgkhwgsdkljh824g.lnk
- %ALLUSERSPROFILE%\.ssh\dddfhj349hjlf20ghjsajf32.dll
- %LOCALAPPDATA%\temp9uij23hnguiseghwfgj8932hgkhwgsdkljh824g.lnk
- from %ALLUSERSPROFILE%\.ssh\dddfhj349hjlf20ghjsajf32.dll to %TEMP%\y2sidjnogkz284.dll
- from %TEMP%\y2sidjnogkz284.dll to %TEMP%\gc4cyen4x2v
- 'hs###glish.pw':443
- 'pk#.goog':80
- http://pk#.goog/gsr1/gsr1.crt
- 'hs###glish.pw':443
- DNS ASK hs###glish.pw
- DNS ASK pk#.goog
- '<SYSTEM32>\rundll32.exe' shell32.dll,ShellExec_RunDLL %LOCALAPPDATA%\Temp9uij23hnguiseghwfgj8932hgkhwgsdkljh824g.lnk (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /u /s "%ALLUSERSPROFILE%\.ssh\dddfhj349hjlf20ghjsajf32.dll" (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\\y2sidjnogkz284.dll",CreatePlatformInterfaceEx4 (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%TEMP%\y2sidjnogkz284.dll" (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /u /s "%ALLUSERSPROFILE%\.ssh\dddfhj349hjlf20ghjsajf32.dll"
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\\y2sidjnogkz284.dll",CreatePlatformInterfaceEx4
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%TEMP%\y2sidjnogkz284.dll"
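The listing above is a proxy-execution chain built entirely from signed Windows binaries: rundll32.exe calls shell32's ShellExec_RunDLL export to open a .lnk from %LOCALAPPDATA%, the LNK runs regsvr32.exe /u /s on a DLL staged under %ALLUSERSPROFILE%\.ssh (the /u flag calls DllUnregisterServer, so the DLL's code executes silently either way), the DLL is copied into %TEMP% and its CreatePlatformInterfaceEx4 export is invoked through the 32-bit rundll32.exe, then regsvr32.exe /u /s runs the copy again. Of the network indicators, the 'hs###glish.pw':443 connection is the one to hunt for; the request to http://pk#.goog/gsr1/gsr1.crt is consistent with Windows' own AIA certificate fetch during TLS chain building and should not be treated as attacker infrastructure on its own. The following is an added example, not part of the original report: detection logic that tags Sysmon Event ID 1 style process-creation events (dicts with Image and CommandLine, an assumed format) matching each stage of that chain and flags the batch when all stages are present. The sample events are constructed from the report's command lines, with paths expanded under an assumed user alice and the Temp separator in the LNK path assumed; the benign regsvr32/rundll32 lookalikes are also constructed.

```python
import re

# Added example, not part of the original report. It tags process-creation
# events (Sysmon Event ID 1 style dicts with 'Image' and 'CommandLine') that
# match the rundll32 / regsvr32 proxy-execution chain listed above.
# The expanded paths in SAMPLE_EVENTS are constructed; the report only shows
# environment-variable forms such as %TEMP% and %ALLUSERSPROFILE%.

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\program files")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\windows\\temp\\")

# "<dll>,<export>" as rundll32 parses its first argument; the DLL may be quoted.
RUNDLL32_TARGET = re.compile(r'"?([^"\s,]+\.dll)"?\s*,\s*([a-z_]\w*)')
# First DLL path on a regsvr32 command line.
REGSVR32_TARGET = re.compile(r'"?([^"\s]+\.dll)"?')

# Stages of the chain seen in the report: LNK opened via ShellExec_RunDLL,
# dropped DLL executed through regsvr32 /u /s, copied DLL's export called
# through rundll32.
CHAIN_STAGES = {"rundll32_launches_lnk", "regsvr32_silent_unregister",
                "rundll32_dll_from_user_writable_path"}


def _basename(image):
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _in_user_writable(path):
    return any(d in path for d in USER_WRITABLE) and not any(d in path for d in SYSTEM_DIRS)


def classify(event):
    """Return detection tags for one event; an empty list means nothing matched."""
    image = _basename(event.get("Image", ""))
    low = event.get("CommandLine", "").lower()
    tags = []
    if image == "rundll32.exe":
        m = RUNDLL32_TARGET.search(low)
        if m:
            dll, export = m.groups()
            if export == "shellexec_rundll":
                # shell32's ShellExec_RunDLL hands its argument to ShellExecute,
                # so a .lnk here is launched exactly as a double-click would.
                tags.append("rundll32_shellexec_rundll")
                if re.search(r'\.lnk("|\s|$)', low):
                    tags.append("rundll32_launches_lnk")
            if _in_user_writable(dll):
                # Named export of a DLL living in %TEMP%, ProgramData, etc.
                tags.append("rundll32_dll_from_user_writable_path")
    elif image == "regsvr32.exe":
        m = REGSVR32_TARGET.search(low)
        dll = m.group(1) if m else ""
        if re.search(r"(^|\s)/u(\s|$)", low) and re.search(r"(^|\s)/s(\s|$)", low):
            # /u /s calls DllUnregisterServer silently; the DLL's code still runs.
            tags.append("regsvr32_silent_unregister")
        if _in_user_writable(dll):
            tags.append("regsvr32_dll_from_user_writable_path")
    if "\\.ssh\\" in low and ".dll" in low:
        # A DLL staged under a .ssh directory, as in the report above.
        tags.append("dll_staged_in_dotssh_dir")
    return tags


def chain_detected(events):
    """True when every stage of the chain appears somewhere in the batch."""
    seen = set()
    for event in events:
        seen.update(classify(event))
    return CHAIN_STAGES <= seen


# Constructed events: four from the report's command lines (paths expanded
# under an assumed user 'alice'), plus two benign lookalikes.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'"C:\Windows\System32\rundll32.exe" shell32.dll,ShellExec_RunDLL '
                    r"C:\Users\alice\AppData\Local\Temp\9uij23hnguiseghwfgj8932hgkhwgsdkljh824g.lnk"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'C:\Windows\System32\regsvr32.exe /u /s "C:\ProgramData\.ssh\dddfhj349hjlf20ghjsajf32.dll"'},
    {"Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r'C:\Windows\SysWOW64\rundll32.exe "C:\Users\alice\AppData\Local\Temp\y2sidjnogkz284.dll",CreatePlatformInterfaceEx4'},
    {"Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r'C:\Windows\SysWOW64\regsvr32.exe /u /s "C:\Users\alice\AppData\Local\Temp\y2sidjnogkz284.dll"'},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"C:\Windows\System32\regsvr32.exe /s C:\Windows\System32\vbscript.dll"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["CommandLine"][:60].ljust(60), classify(event) or "-")
    print("chain detected:", chain_detected(SAMPLE_EVENTS))
```

Each tag on its own is noisy (regsvr32 /u /s and rundll32 with a user-writable DLL both occur in legitimate installers), which is why chain_detected requires all three stages before raising the batch; in production the grouping key would be the process tree (ParentProcessGuid) or a short time window on one host rather than the whole batch.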