Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'TMV Start' = '%WINDIR%\SysWOW64\FRECPW\TMV.exe'
- vbc.exe
- Handler for all processes: %WINDIR%\SysWOW64\FRECPW\TMV.001
- %TEMP%\vbc.exe
- %WINDIR%\syswow64\frecpw\tmv.004
- %WINDIR%\syswow64\frecpw\tmv.001
- %WINDIR%\syswow64\frecpw\tmv.002
- %WINDIR%\syswow64\frecpw\akv.exe
- %WINDIR%\syswow64\frecpw\tmv.exe
- ClassName: '' WindowName: 'AKLMW'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'IEFrame' WindowName: ''
- '%TEMP%\vbc.exe'
- '%WINDIR%\syswow64\frecpw\tmv.exe'
- '%WINDIR%\syswow64\frecpw\tmv.exe' (with hidden window)