Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'EvtMgr' = 'c:\7pvu4eeqe2q2u3\Glvcpqq.exe /Klaunchp'
- %TEMP%\nst1bb8.tmp
- C:\rev\lake.exe
- C:\rev\q1txvxxve\m1tuuv2mtldm.txt
- from C:\rev\q1txvxxve\m1tuuv2mtldm.txt to C:\7pvu4eeqe2q2u3\vd4me\t32t7l337.txt
- from C:\rev\lake.exe to C:\7pvu4eeqe2q2u3\glvcpqq.exe
- '98.##6.66.28':803
- '11#.#21.171.58':3201
- '98.##6.66.27':805
- 'C:\rev\lake.exe' LATElaunchBOOT
- 'C:\7pvu4eeqe2q2u3\glvcpqq.exe'
- 'C:\rev\lake.exe' LATElaunchBOOT (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 3 127.0.0.1&&del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 3 127.0.0.1&&del "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' -n 3 127.0.0.1