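Technical Information
Observed file-system, network and process indicators. The '#' characters in host names appear to be masking applied by the source, so the domains below are partial and cannot be matched exactly.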
- <SYSTEM32>\tasks\avdupivejo_{f607c89d-42fd-0295-1f84-2db9b98fcab1}
- %WINDIR%\temp\0291-1.dll
- %LOCALAPPDATA%\{134dcef0-d6bd-0be3-1a24-f735a23acd55}\{a7888b7f-c119-da92-8472-169290d92eb6}\elsuacka2.dll
- 'mo####fastnow.com':443
- 'mo####fastnow.com':80
- 'sk###helres.com':443
- http://mo####fastnow.com/
- 'mo####fastnow.com':443
- 'sk###helres.com':443
- DNS ASK mo####fastnow.com
- DNS ASK sk###helres.com
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\{134DCEF0-D6BD-0BE3-1A24-F735A23ACD55}\{A7888B7F-C119-DA92-8472-169290D92EB6}\elsuacka2.dll,#1 (with hidden window)
- '<SYSTEM32>\regsvr32.exe' C://windows/Temp/0291-1.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\{134DCEF0-D6BD-0BE3-1A24-F735A23ACD55}\{A7888B7F-C119-DA92-8472-169290D92EB6}\elsuacka2.dll,#1
- '<SYSTEM32>\rundll32.exe' %LOCALAPPDATA%\{134DCEF0-D6BD-0BE3-1A24-F735A23ACD55}\{A7888B7F-C119-DA92-8472-169290D92EB6}\elsuacka2.dll,#1