Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\typelib32] 'Startup' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\typelib32] 'DLLName' = 'typelib32.dll'
- <SYSTEM32>\ntvdm.exe -f -i1
- %TEMP%\7794ca92.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- <SYSTEM32>\b064572f.dll
- %TEMP%\ffffffd8.cab
- <SYSTEM32>\typelib32.dll
- <SYSTEM32>\456278c0.dll
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\ffffffd8.cab
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b18.b1c.370001'