Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.exe
- <LS_APPDATA>\svchost\<File name>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\nl4lpevy.newcfg
- <LS_APPDATA>\svchost\<File name>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\rpgbxojs.newcfg
- from <LS_APPDATA>\svchost\<File name>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\nl4lpevy.newcfg to <LS_APPDATA>\svchost\<File name>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\user.config
- from <LS_APPDATA>\svchost\<File name>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\rpgbxojs.newcfg to <LS_APPDATA>\svchost\<File name>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\user.config
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- '<SYSTEM32>\ipconfig.exe' /all