Technical Information
- '<SYSTEM32>\rundll32.exe' shell32.dll,ShellExec_RunDLL %LOCALAPPDATA%\Tempkfjlhb39jhdfl40lhd4jdo-tyk6.lnk
- C:\users\public\.ssh\dddfhj349hjlf20ghjsajf32.dll
- %LOCALAPPDATA%\tempkfjlhb39jhdfl40lhd4jdo-tyk6.lnk
- from C:\users\public\.ssh\dddfhj349hjlf20ghjsajf32.dll to %TEMP%\njghsbn3gng354812.dll
- from %TEMP%\njghsbn3gng354812.dll to %TEMP%\u0th4bjnqr4
- DNS ASK mi##xing.pw
- '<SYSTEM32>\rundll32.exe' shell32.dll,ShellExec_RunDLL %LOCALAPPDATA%\Tempkfjlhb39jhdfl40lhd4jdo-tyk6.lnk (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /u /s "C:\Users\Public\.ssh\dddfhj349hjlf20ghjsajf32.dll" (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\\njghsbn3gng354812.dll",CreatePlatformInterfaceEx4 (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%TEMP%\njghsbn3gng354812.dll" (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /u /s "C:\Users\Public\.ssh\dddfhj349hjlf20ghjsajf32.dll"
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\\njghsbn3gng354812.dll",CreatePlatformInterfaceEx4
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%TEMP%\njghsbn3gng354812.dll"