Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\yhxugewwup.url
- %WINDIR%\notepad.exe
- %PROGRAMDATA%\ntisypbunc\cfgi
- %PROGRAMDATA%\ntisypbunc\cfg
- %PROGRAMDATA%\ntisypbunc\drvcfg32
- %PROGRAMDATA%\ntisypbunc\r.vbs
- %PROGRAMDATA%\ntisypbunc\r.vbs
- from %PROGRAMDATA%\ntisypbunc\drvcfg32 to %PROGRAMDATA%\ntisypbunc\drvcfg32.exe (same directory and file name, with an .exe extension added)
- '93.##6.60.109':444 (IP address with two characters masked as ##; remote port 444)
- DNS ASK (DNS query) tl##box.ws (domain name with two characters masked as ##)
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\NTISyPbUNc\r.vbs"
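- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\NTISyPbUNc\cfg" (%WINDIR%\notepad.exe is also in the file list above; a -c argument pointing at a file under %PROGRAMDATA% is not a documented Notepad option, so this command line is a useful anomaly to look for in process-creation logs)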
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%PROGRAMDATA%\NTISyPbUNc\r.vbs"