Technical Information
- '<SYSTEM32>\regsvr32.exe' /S ..\cusoa1.ocx
- '<SYSTEM32>\regsvr32.exe' /S ..\cusoa2.ocx
- '<SYSTEM32>\regsvr32.exe' /S ..\cusoa3.ocx
- %HOMEPATH%\cusoa3.ocx
- 'su##edx.com':443
- 'fy##be.news':443
- 'x1.#.lencr.org':80
- 'r3.#.lencr.org':80
- 'ta##ira.com':80
- http://x1.#.lencr.org/
- http://r3.#.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTH8KuMIGmeFqpkD8mYFikRtw%3D%3D
- http://ta##ira.com/WordPress/vwZQL4Z5BPcFL3z/
- 'su##edx.com':443
- 'fy##be.news':443
- DNS ASK su##edx.com
- DNS ASK fy##be.news
- DNS ASK x1.#.lencr.org
- DNS ASK r3.#.lencr.org
- DNS ASK ta##ira.com
- DNS ASK st####.rapidssl.com
- '<SYSTEM32>\regsvr32.exe' /S ..\cusoa1.ocx' (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /S ..\cusoa2.ocx' (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /S ..\cusoa3.ocx' (with hidden window)