Техническая информация
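Изменения в реестре (закрепление в системе):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\smtpsvc32] 'Startup' = 'S'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\smtpsvc32] 'DLLName' = 'smtpsvc32.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\smtpsvc32] 'Start' = '00000002'
Примечание: раздел Winlogon\Notify регистрирует DLL, которую загружает winlogon.exe (механизм действует в Windows 2000/XP/2003). Значение 'Start' = 2 в ключе службы означает автоматический запуск при загрузке системы. Оба ключа стоит проверять при поиске следов заражения.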
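Командные строки процессов:
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\sc.exe description smtpsvc32 "SMTP Service"
- <SYSTEM32>\sc.exe create smtpsvc32 type= share start= auto DisplayName= "SMTP Service" group= "Event Log" binPath= "rundll32.exe <SYSTEM32>\smtpsvc32.dll,ycum"
Примечание: служба smtpsvc32 с отображаемым именем "SMTP Service" создаётся с автозапуском и загружает smtpsvc32.dll через rundll32.exe (экспорт ycum). Служба, у которой binPath указывает на rundll32.exe, — удобный признак для обнаружения.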
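Файлы:
- %TEMP%\7794ca92.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- <SYSTEM32>\b064572f.dll
- <SYSTEM32>\3fd26e99.dll
- <SYSTEM32>\smtpsvc32.dll
- <SYSTEM32>\456278c0.dll
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
Примечание: подзаголовки списка в этом фрагменте не сохранились. Файлы scs1.tmp и scs2.tmp перечислены дважды — вероятно, сначала как созданные, затем как удалённые (требует проверки по исходному отчёту). Имена вида 7794ca92.exe и b064572f.dll, по-видимому, случайные и могут отличаться от образца к образцу. Более устойчивым индикатором выглядит имя smtpsvc32.dll, совпадающее с именем службы.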
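Окно:
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9d4.9d8.390001'
Примечание: судя по имени, это консольное окно относится к указанному выше ntvdm.exe. Числовая часть имени, вероятно, зависит от конкретного запуска и как индикатор ненадёжна.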