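Техническая информация

Ниже перечислены ключи реестра, пути к файлам, класс окна и командные строки. Подзаголовки разделов в этом фрагменте не сохранились, поэтому по самому списку нельзя определить, какая операция (создание, изменение, удаление) относится к каждому пути. Повторяющиеся пути, вероятно, относятся к разным разделам исходного отчёта.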
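- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON.EXE' = '<SYSTEM32>\CTFMON.EXE'
- [\REGISTRY\USER\TEMPKEY\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON.EXE' = '<SYSTEM32>\CTFMON.EXE'
  Примечание: значение указывает на стандартный путь системного компонента Windows ctfmon.exe, поэтому сама по себе эта запись автозапуска не является надёжным индикатором заражения. При проверке стоит сверить цифровую подпись и хеш файла по этому пути.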
- %WINDIR%\system.ini
- %TEMP%\GLC1.tmp
- %TEMP%\GLW2.tmp
- %WINDIR%\Temp\regopts.txt
- %WINDIR%\Temp\~GLBS383.TMP
- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
- %TEMP%\GLW2.tmp
- %WINDIR%\Temp\regopts.txt
- %WINDIR%\Temp\regopts.txt
- %WINDIR%\Temp\~GLBS383.TMP
- ClassName: 'CicLoaderWndClass' WindowName: ''
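- '<SYSTEM32>\rundll32.exe' shell32,Control_RunDLL intl.cpl,,/f:"%WINDIR%\Temp\regopts.txt"
- '<SYSTEM32>\ctfmon.exe'
  Примечание: вызов intl.cpl с параметром /f: — штатный способ применить языковые и региональные параметры Windows из файла ответов. Для оценки события важны содержимое regopts.txt и процесс, который инициировал запуск.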