Technical Information
- %WINDIR%\tasks\cookieclub.job
- <SYSTEM32>\tasks\cookieclub
- [<HKLM>\System\CurrentControlSet\Services\Liberal Flutter] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Liberal Flutter] 'ImagePath' = '%APPDATA%\Liberal Flutter\Liberal Flutter.exe'
- 'Liberal Flutter' %APPDATA%\Liberal Flutter\Liberal Flutter.exe
- %ALLUSERSPROFILE%\{da0c59a7-bb76-73eb-da0c-c59a7bb7669e}\<File name>.exe
- %ALLUSERSPROFILE%\{da0c59a7-bb76-73eb-da0c-c59a7bb7669e}\<File name>.dat
- %APPDATA%\liberal flutter\liberal flutter.exe
- %APPDATA%\liberal flutter\fba00.dat
- 'ge####ltiple.link':80
- 'al####el-pro.com':80
- http://ge####ltiple.link/?q=#####################################################################################################################################################################...
- DNS ASK ge####ltiple.link
- DNS ASK al####el-pro.com
- '%APPDATA%\liberal flutter\liberal flutter.exe'