Technical Information
- <SYSTEM32>\tasks\asjawazawe_{6eb6519d-cc95-1588-1124-8c2b4342cbaf}
- %WINDIR%\temp\0492-1.dll
- %LOCALAPPDATA%\eliplubd1\uggaraacms.dll
- 'mo####fastnow.com':443
- 'mo####fastnow.com':80
- 'sk###helres.com':443
- http://mo####fastnow.com/
- DNS ASK mo####fastnow.com
- DNS ASK sk###helres.com
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\Eliplubd1\Uggaraacms.dll,#1 (with hidden window)
- '<SYSTEM32>\regsvr32.exe' C://windows/Temp/0492-1.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\Eliplubd1\Uggaraacms.dll,#1
- '<SYSTEM32>\rundll32.exe' %LOCALAPPDATA%\Eliplubd1\Uggaraacms.dll,#1