Техническая информация
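- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'debugger' = '%WINDIR%\system\nan.exe' (параметр 'debugger' в Image File Execution Options заставляет Windows при запуске sethc.exe — обработчика «залипания клавиш» — запускать вместо него указанный файл; появление или изменение этого параметра стоит отслеживать средствами мониторинга реестра)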
- %WINDIR%\system\2.exe
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "debugger" /d "%WINDIR%\system\nan.exe" /t REG_SZ /f
- %TEMP%\~1.bat
- %WINDIR%\system\2.exe
- %WINDIR%\system\nan.exe
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- %WINDIR%\system\2.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''