Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'newapp' = '%APPDATA%\newapp\newapp.exe'
- %LOCALAPPDATA%\rmwhtincqynadnexzncslxybz\<File name>.exe_url_l0dhi2og1a12r523s1mkua3vetz5rzuj\8.732.560.88\xqjsr1rv.newcfg
- %APPDATA%\newapp\newapp.exe
- %APPDATA%\newapp\newapp.exe
- from %LOCALAPPDATA%\rmwhtincqynadnexzncslxybz\<File name>.exe_url_l0dhi2og1a12r523s1mkua3vetz5rzuj\8.732.560.88\xqjsr1rv.newcfg to %LOCALAPPDATA%\rmwhtincqynadnexzncslxybz\<File name>.exe_url_l0dhi2og1a12r523s1mkua3vetz5rzuj\8.732.560.88\user.config
- 'microsoft.com':80
- 'li#####olofcfanclub.com':80
- http://li#####olofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E78BC245D91BAEEA6207B26E7978B9D7.html
- DNS ASK microsoft.com
- DNS ASK li#####olofcfanclub.com
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1
- '%WINDIR%\syswow64\timeout.exe' 1