Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cftmon' = '<SYSTEM32>\cftmon.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\MSPatch] 'Start' = '00000002'
- <SYSTEM32>\MSPatch.exe service
- <SYSTEM32>\cftmon.exe
- <SYSTEM32>\MSPatch.exe
- <SYSTEM32>\cftmon.exe
- <SYSTEM32>\MSPatch.exe