Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\dvcfj.lnk
- %APPDATA%\mtnlm\nmfeb.conf
- %APPDATA%\mtnlm\tupmi.vbs
- %APPDATA%\mtnlm\avyed.vbs
- %APPDATA%\mtnlm\dvcfj.vbs
- 's1##.#tphosting.pw':80
- http://s1##.#tphosting.pw/user81249/4917/url4.txt
- DNS ASK s1##.#tphosting.pw
- ClassName: 'MS_WINHELP' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%APPDATA%\mtnlm\dvcfj.vbs"
- '<SYSTEM32>\wscript.exe' "%APPDATA%\mtnlm\tupmi.vbs"
- '<SYSTEM32>\wscript.exe' "%APPDATA%\mtnlm\avyed.vbs"