Техническая информация
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\ntvdm.exe' -f -i1
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\file10[1].pdf
- <Текущая директория>\lsass.exe
- <Текущая директория>\tmp001
- <Текущая директория>\lsass.exe
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs2.tmp
- <Текущая директория>\tmp001
- %WINDIR%\Temp\scs1.tmp
- 'ad####2ky.biz.ly':80
- 'localhost':1036
- ad####2ky.biz.ly/file10.pdf
- DNS ASK ad####2ky.biz.ly
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b5c.b60.390001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b40.b44.380001'