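Technical Information
Note: the '#' characters in the domain names below appear to be masking applied when the report was published; '#' is not valid in a hostname, so match these entries as patterns rather than as literal hostnames.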
- <SYSTEM32>\tasks\moujavuk_{1f747893-1d7b-3a10-1984-0140271a8699}
- %WINDIR%\temp\0494-1.dll
- %APPDATA%\{f7f7cd00-2dc1-b653-11f4-b80f04daad03}\{76651871-468f-3ebb-82d2-7c2641fd742e}\tueracfe64.dll
- 'mo####fastnow.com':443
- 'mo####fastnow.com':80
- 'sk###helres.com':443
- 'ho###alos.com':443
- http://mo####fastnow.com/
- 'mo####fastnow.com':443
- 'sk###helres.com':443
- DNS ASK mo####fastnow.com
- DNS ASK sk###helres.com
- DNS ASK ho###alos.com
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %APPDATA%\{F7F7CD00-2DC1-B653-11F4-B80F04DAAD03}\{76651871-468F-3EBB-82D2-7C2641FD742E}\tueracfe64.dll,#1 (with hidden window)
- '<SYSTEM32>\regsvr32.exe' C://windows/Temp/0494-1.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %APPDATA%\{F7F7CD00-2DC1-B653-11F4-B80F04DAAD03}\{76651871-468F-3EBB-82D2-7C2641FD742E}\tueracfe64.dll,#1
- '<SYSTEM32>\rundll32.exe' %APPDATA%\{F7F7CD00-2DC1-B653-11F4-B80F04DAAD03}\{76651871-468F-3EBB-82D2-7C2641FD742E}\tueracfe64.dll,#1