Technical Information
- <SYSTEM32>\ntvdm.exe
- %TEMP%\7997551.exe
- %TEMP%\7997552.exe
- %TEMP%\7997553.exe
- 'ke#####.sitoserver.com':80
- http://ke#####.sitoserver.com/counter/?id#########################################################################################################################
- http://ke#####.sitoserver.com/404.html
- DNS ASK ke#####.sitoserver.com
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c64.c6c.684'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c84.c88.c94'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-cac.cb8.f0'
- '<SYSTEM32>\ntvdm.exe' -i1
- '<SYSTEM32>\ntvdm.exe' -i2
- '<SYSTEM32>\ntvdm.exe' -i3