Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'IntelPowerAgent3' = 'rundll32.exe shell32.dll, ShellExec_RunDLL C:\PROGRA~3\2fca0fc3.exe'
- [<HKLM>\System\CurrentControlSet\Services\EFS] 'Start' = '00000002'
- %WINDIR%\syswow64\cmd.exe
- iexplore.exe
- firefox.exe process, crypt32.dll module
- iexplore.exe process, crypt32.dll module
- firefox.exe process, urlmon.dll module
- iexplore.exe process, urlmon.dll module
- %ALLUSERSPROFILE%\2fca0fc3.exe
- %ALLUSERSPROFILE%\trle108.tmp.bat
- DNS ASK ad###oyo1377.tk
- '%WINDIR%\syswow64\svchost.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%ALLUSERSPROFILE%\trlE108.tmp.bat" "<Full path to file>"" (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%ALLUSERSPROFILE%\trlE108.tmp.bat" "<Full path to file>""