Technical Information
- '<SYSTEM32>\rundll32.exe' shell32.dll,ShellExec_RunDLL %TEMP%\9wYjjhnVNW6LKeilb5NEvad1Zfv7WnXH.lnk
- %TEMP%\wpdnse_install\1wi7vk1dtsdntkzqupyd7tqj51ssmtocgynpamgfxu.dll
- %TEMP%\9wyjjhnvnw6lkeilb5nevad1zfv7wnxh.lnk
- from %TEMP%\wpdnse_install\1wi7vk1dtsdntkzqupyd7tqj51ssmtocgynpamgfxu.dll to %TEMP%\api-ms-win-core-profile-l1-1-0.dll
- from %TEMP%\api-ms-win-core-profile-l1-1-0.dll to %TEMP%\tmp7ed0.tmp
- 'se######usequickly.website':443
- 'pk#.goog':80
- http://pk#.goog/gsr1/gsr1.crt
- 'se######usequickly.website':443
- DNS ASK se######usequickly.website
- DNS ASK pk#.goog
- '<SYSTEM32>\rundll32.exe' shell32.dll,ShellExec_RunDLL %TEMP%\9wYjjhnVNW6LKeilb5NEvad1Zfv7WnXH.lnk (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /u /s "%TEMP%\WPDNSE_Install\1wi7vk1DtsdNtKZqUpYd7tqj51SsMTOcgyNPamgFXu.dll" (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\api-ms-win-core-profile-l1-1-0.dll",QueryPerformanceFrequency (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /u /s "%TEMP%\WPDNSE_Install\1wi7vk1DtsdNtKZqUpYd7tqj51SsMTOcgyNPamgFXu.dll"
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\api-ms-win-core-profile-l1-1-0.dll",QueryPerformanceFrequency