Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'C79D0835FC417006623' = '"%APPDATA%\TLFPCEGPIE.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\devrew.lnk
- %WINDIR%\syswow64\svchost.exe
- iexplore.exe
- %LOCALAPPDATA%\devrew\devrew.exe
- %LOCALAPPDATA%\devrew\rcxe193.tmp
- %LOCALAPPDATA%\devrew\devrew.lnk
- %TEMP%\gvjaefbnvnci3l8cjm4o
- %APPDATA%\tlfpcegpie.exe
- %LOCALAPPDATA%\devrew\devrew.lnk
- %TEMP%\gvjaefbnvnci3l8cjm4o
- from %LOCALAPPDATA%\devrew\rcxe193.tmp to %LOCALAPPDATA%\devrew\devrew.exe
- DNS ASK xe###dep.top
- DNS ASK je###lo.space
- DNS ASK be###det.top
- '%WINDIR%\syswow64\svchost.exe'