Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'LFSRb' = '%APPDATA%\LFSRb\LFSRb.exe'
- %APPDATA%\lfsrb\lfsrb.exe
- '18#.#39.242.107':80
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1
- '%WINDIR%\syswow64\timeout.exe' 1