Technical Information
- %APPDATA%\Microsoft\windows\Start Menu\programs\startup\tmdvip.lnk
- C:\users\public\pictures\27029\act.exe
- C:\users\public\pictures\27029\active32.exe
- C:\users\public\pictures\27029\tmdvip.exe
- C:\users\public\pictures\27029\perl510.dll
- C:\users\public\pictures\27029\tmdvip.exe
- C:\users\public\pictures\27029\active32.exe
- C:\users\public\pictures\27029\perl510.dll
- from C:\users\public\pictures\27029\act.exe to %TEMP%\1201644\....\temporaryfile
- from <Full path to file> to %TEMP%\_@56b7.tmp
- '15#.#19.20.7':88
- http://15#.#19.20.7:88/x/act.exe via 15#.#19.20.7
- http://15#.#19.20.7:88/x/kl.exe via 15#.#19.20.7
- http://15#.#19.20.7:88/x/tmdvip.exe via 15#.#19.20.7
- http://15#.#19.20.7:88/x/perl510.dll via 15#.#19.20.7