Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\TXfp.lnk
- %HOMEPATH%\Start Menu\Programs\Startup.lnk
- C:\lzAUa\zAgeHSNH\TXfp\lzAUa.vbs
- 'pa###-dark.com':443
- DNS ASK pa###-dark.com
- '<SYSTEM32>\wscript.exe' "C:\lzAUa\zAgeHSNH\TXfp\lzAUa.vbs"
- '<SYSTEM32>\cmd.exe' /c start C:\lzAUa\zAgeHSNH\TXfp\\lzAUa.vbs