Technical Information
- %TEMP%\9kpvzgaq7d5jfdg.exe
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- http://fp###ter.com.br/n7vjsea
- DNS ASK fp###ter.com.br
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fb8.fbc.3a0001'
- '<SYSTEM32>\ntvdm.exe' -f -i1' (with hidden window)
- '<SYSTEM32>\ntvdm.exe' -f -i1