Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '97cf43e19888484a832fa985accb2085' = '"%PROGRAMDATA%\sedrhe4.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '97cf43e19888484a832fa985accb2085' = '"%PROGRAMDATA%\sedrhe4.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\sedrhe4.exe" "sedrhe4.exe" ENABLE
- sedrhe4.exe
- %PROGRAMDATA%\sedrhe4.exe
- 'bo##.kro.kr':3
- DNS ASK bo##.kro.kr
- '%PROGRAMDATA%\sedrhe4.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\sedrhe4.exe" "sedrhe4.exe" ENABLE (with hidden window)