Техническая информация
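- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '<SYSTEM32>\ctfmonjly.exe' (изменение реестра: параметр 'Debugger' в разделе Image File Execution Options приводит к тому, что при запуске ctfmon.exe система запускает указанный в нём файл; неожиданное значение 'Debugger' в подразделах этого ключа является признаком закрепления в системе и должно проверяться при расследовании)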
- %WINDIR%\syswow64\wl69335.dll
- %WINDIR%\syswow64\ctfmonjly.exe
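- '%WINDIR%\syswow64\regsvr32.exe' /s <SYSTEM32>\wl69335.dll (запуск процесса: 32-разрядный regsvr32.exe регистрирует библиотеку, при этом выполняется её код; ключ /s подавляет диалоговые окна. Для 32-разрядного процесса путь <SYSTEM32> перенаправляется в %WINDIR%\syswow64, поэтому здесь, по-видимому, имеется в виду тот же файл %WINDIR%\syswow64\wl69335.dll)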