Technical Information
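- <SYSTEM32>\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V rundll.exe /D "\"<LS_APPDATA>\rundll.exe\" /background" /f
  (persistence: adds a value named rundll.exe under the per-user Policies\Explorer\Run key, so "<LS_APPDATA>\rundll.exe" /background is launched at logon; /f overwrites an existing value without prompting)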
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\cmd.exe /c ""<Current directory>\winupdate.bat" "
- <LS_APPDATA>\rundll.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- <Current directory>\winupdate.bat
- <LS_APPDATA>\Multi Client.exe
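- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
  (the same two paths are listed a second time here; the subsection labels that would distinguish the two lists are not present on this page)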
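- '17#.#38.160.18':80
- 17#.#38.160.18/getme.php?u=#########
  ('#' characters appear to be redactions in the published report, so neither value is a complete indicator as written)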
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b0c.b10.3b0002'