Technical information
- <SYSTEM32>\ntvdm.exe
- %TEMP%\4319253667.exe
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- 'ip###ger.org':443
- http://ip###ger.org/1z6A57
- http://ip###ger.org/1nLz47
- http://gs###clean.top/ver.txt
- http://ip###ger.org/1tnbw7
- http://ip###ger.org/1PMX37
- http://ip###ger.org/1z9A57
- DNS ASK ip###ger.org
- DNS ASK gs###clean.top
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fb4.fb8.370002'
- '<SYSTEM32>\cmd.exe' /c start /I "" "%TEMP%\4319253667.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c start /I "" "%TEMP%\4319253667.exe"
- '<SYSTEM32>\ntvdm.exe' -f -i1