Техническая информация
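- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'Debugger' = '<SYSTEM32>\atmadn.exe'
  Примечание: параметр 'Debugger' в Image File Execution Options заставляет Windows запускать указанный файл вместо sethc.exe (обработчик «залипания клавиш», доступный и с экрана входа в систему). Изменения этого ключа стоит отслеживать и проверять при расследовании.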
- '<SYSTEM32>\reg.exe' IMPORT <SYSTEM32>\on.reg
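- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
  Примечание: OLLYDBG и FileMonClass — классы окон отладчика OllyDbg и утилиты Sysinternals FileMon; поиск таких окон, по-видимому, служит для обнаружения средств анализа.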
- <SYSTEM32>\wminotify.dll
- <SYSTEM32>\on.reg
- <SYSTEM32>\sethk.exe
- <SYSTEM32>\atmadn.exe
- <SYSTEM32>\on.reg
- ClassName: '18467-41' WindowName: ''