Техническая информация
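- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cftmon' = '"<SYSTEM32>\cftmon.exe"' (запись в ключе Run запускает файл при каждом входе пользователя в систему; имя «cftmon» — не опечатка, а имитация штатного ctfmon.exe)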
- [<HKLM>\SYSTEM\ControlSet001\Services\WMOptimizer] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
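- <SYSTEM32>\scvhost.exe service (имя имитирует штатный svchost.exe: буквы «c» и «v» переставлены, в списке процессов их легко спутать)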
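- %WINDIR%\regedit.exe /s ""%TEMP%\t.reg"" (ключ /s — импорт .reg-файла без запроса подтверждения; удвоенные кавычки, по-видимому, артефакт экранирования при выгрузке страницы)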
- %TEMP%\t.reg
- <SYSTEM32>\cftmon.exe
- <SYSTEM32>\scvhost.exe
- <SYSTEM32>\cftmon.exe
- <SYSTEM32>\scvhost.exe
- ClassName: 'RegEdit_RegEdit' WindowName: '' (RegEdit_RegEdit — класс главного окна редактора реестра Windows)