Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NTAKRNL] 'ImagePath' = '<DRIVERS>\ntakrnl.sys'
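- [<HKLM>\SYSTEM\ControlSet001\Services\NTAKRNL] 'Start' = '00000001' (значение Start = 1 соответствует SERVICE_SYSTEM_START: драйвер загружается при инициализации системы)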
- '<SYSTEM32>\regsvr32.exe' /s shdocwv.dll (ключ /s — регистрация компонента без вывода диалоговых окон)
- '<SYSTEM32>\ntvdm.exe' -f -i3
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\regsvr32.exe' /s NTsvc.ocx
- '<SYSTEM32>\ntvdm.exe' -f -i1
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs3.tmp
- <SYSTEM32>\msado20.tlb
- %WINDIR%\usrsvr.exe
- <DRIVERS>\ntakrnl.sys
- %WINDIR%\NTsvc.ocx
- <SYSTEM32>\vbbho.tlb
- %WINDIR%\wmiprevse.exe
- <SYSTEM32>\shdocwv.dll
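- %WINDIR%\usrsvr.exe (этот и следующие шесть путей повторяют уже перечисленные выше; подзаголовок, различающий списки, по-видимому, утерян при извлечении страницы)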
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs1.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-aec.af0.3a0007'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-acc.ad0.390002'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-abc.ac0.380001'