Technical Information
- <SYSTEM32>\ntvdm.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\zwkeaa.exe
- %TEMP%\00022b2d.bat
- <Full path to file>
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- 'ko###hian.com':80
- http://11#.#11.111.1/img/dsc.jpg via ko###hian.com
- DNS ASK ko###hian.com
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b80.b84.380001'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\00022b2d.bat" "<Full path to file>""
- '<SYSTEM32>\ntvdm.exe' -f -i1