Техническая информация
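- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '<SYSTEM32>\ctfmon_lr.exe' — параметр Debugger в разделе Image File Execution Options назначает указанный файл «отладчиком» для ctfmon.exe: при запуске ctfmon.exe система запускает вместо него ctfmon_lr.exe. Запись находится в 32-разрядном представлении реестра (Wow6432Node); при проверке системы стоит просмотреть и соответствующий раздел без Wow6432Node.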
- %WINDIR%\syswow64\dq28128.dll
- %WINDIR%\syswow64\ctfmon_lr.exe
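- '%WINDIR%\syswow64\regsvr32.exe' /s <SYSTEM32>\dq28128.dll — регистрация библиотеки через regsvr32; ключ /s отключает вывод диалоговых окон, поэтому пользователь ничего не видит. Запускается 32-разрядный regsvr32 из syswow64, для которого путь <SYSTEM32>, по-видимому, перенаправляется в syswow64, то есть речь идёт о том же файле %WINDIR%\syswow64\dq28128.dll.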