Technical Information

Process command lines recorded (section label missing from this extract):
- '<SYSTEM32>\ntvdm.exe' -f -ic
- '<SYSTEM32>\ntvdm.exe' -f -id
- '<SYSTEM32>\ntvdm.exe' -f -ib
- '<SYSTEM32>\ntvdm.exe' -f -i9
- '<SYSTEM32>\ntvdm.exe' -f -ia
- '<SYSTEM32>\ntvdm.exe' -f -i11
- '<SYSTEM32>\ntvdm.exe' -f -i12
- '<SYSTEM32>\ntvdm.exe' -f -i10
- '<SYSTEM32>\ntvdm.exe' -f -ie
- '<SYSTEM32>\ntvdm.exe' -f -if
- '<SYSTEM32>\ipconfig.exe'
- '<SYSTEM32>\ntvdm.exe' -f -i3
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\regsvr32.exe' /s <Current directory>\mswinsck.ocx
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\ntvdm.exe' -f -i7
- '<SYSTEM32>\ntvdm.exe' -f -i8
- '<SYSTEM32>\ntvdm.exe' -f -i6
- '<SYSTEM32>\ntvdm.exe' -f -i4
- '<SYSTEM32>\ntvdm.exe' -f -i5
- <SYSTEM32>\ipconfig.exe
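Window classes looked up (section label missing from this extract; the class names correspond to analysis tools such as DeDe, Filemon, OllyDbg and IDA, which suggests an anti-analysis check):
- ClassName: 'TDeDeMainForm' WindowName: '(null)'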
- ClassName: 'FileMonClass' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'TIdaWindow' WindowName: '(null)'
- %WINDIR%\Temp\scs17.tmp
- %WINDIR%\Temp\scs16.tmp
- %WINDIR%\Temp\scs19.tmp
- %WINDIR%\Temp\scs18.tmp
- %WINDIR%\Temp\scs15.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scs14.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scs1A.tmp
- %WINDIR%\Temp\scs21.tmp
- %WINDIR%\Temp\scs20.tmp
- %WINDIR%\Temp\scs23.tmp
- %WINDIR%\Temp\scs22.tmp
- %WINDIR%\Temp\scs1F.tmp
- %WINDIR%\Temp\scs1C.tmp
- %WINDIR%\Temp\scs1B.tmp
- %WINDIR%\Temp\scs1E.tmp
- %WINDIR%\Temp\scs1D.tmp
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs5.tmp
- <SYSTEM32>\IPW.DAT
- %WINDIR%\Temp\scs2.tmp
- <SYSTEM32>\webhy.ini
- %WINDIR%\Temp\scs1.tmp
- <SYSTEM32>\ghy.gif
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scsC.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scsE.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scs9.tmp
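Second file list (section label missing from this extract; it repeats the list above except for scs23.tmp, <SYSTEM32>\webhy.ini and <SYSTEM32>\ghy.gif, which is consistent with a created-files list followed by a deleted-files list, but the extract does not state the operation for either list):
- %WINDIR%\Temp\scs17.tmp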
- %WINDIR%\Temp\scs16.tmp
- %WINDIR%\Temp\scs19.tmp
- %WINDIR%\Temp\scs18.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs15.tmp
- %WINDIR%\Temp\scs14.tmp
- %WINDIR%\Temp\scs1A.tmp
- %WINDIR%\Temp\scs20.tmp
- %WINDIR%\Temp\scs1F.tmp
- %WINDIR%\Temp\scs22.tmp
- %WINDIR%\Temp\scs21.tmp
- %WINDIR%\Temp\scs1C.tmp
- %WINDIR%\Temp\scs1B.tmp
- %WINDIR%\Temp\scs1E.tmp
- %WINDIR%\Temp\scs1D.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scs5.tmp
- <SYSTEM32>\IPW.DAT
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scsE.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scsC.tmp
- %WINDIR%\Temp\scsB.tmp
Network endpoint recorded (section label missing from this extract):
- 'localhost':1038
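Further window lookups (section label missing from this extract; the 'ntvdm-…' window names and the 'Afx:…' class names appear to embed per-run values, so they are probably not stable indicators across executions):
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-e5c.e60.3f0001'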
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-df0.df4.3e0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f38.f3c.410001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ec8.ecc.400001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ca8.cac.3b0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c30.c34.3a0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d84.d88.3d0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d18.d1c.3c0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b94.b98.470001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ac8.ac4.460001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c70.c74.490001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c04.c08.480001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-70.134.430001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fa4.fa8.420001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-538.828.450001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-138.9a0.440001'
- ClassName: 'RegMon_RegMon' WindowName: '(null)'
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: 'KeyGen_Class' WindowName: '(null)'
- ClassName: 'KeyGen20_Class' WindowName: '(null)'
- ClassName: 'NMSCMW50' WindowName: '(null)'
- ClassName: 'WHXMDI0' WindowName: '(null)'
- ClassName: 'RESSPY98' WindowName: '(null)'
- ClassName: 'OWL_Window' WindowName: '(null)'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b5c.b60.390002'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b48.b4c.380001'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Afx:400000:b:13ee:6:4e0f' WindowName: '(null)'
- ClassName: 'Afx:400000:8:13ee:0:64c7' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'DEBUG_API_SPY_WND_CLASS' WindowName: '(null)'