Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nltest' = '%APPDATA%\Microsoft\MC\nltest.exe'
- '%APPDATA%\Microsoft\MC\nltest.exe'
- %APPDATA%\Microsoft\MC\nltest.exe
- 'ad###m.us.to':80
- ad###m.us.to/reg.php?na####################
- DNS ASK ad###m.us.to
- ClassName: 'MS_WINHELP' WindowName: '(null)'