Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CTFM0N' = '%WINDIR%\system\CTFM0N.exe'
- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '<SYSTEM32>\SVCH0ST.exe %1'
- '%WINDIR%\system\CTFM0N.exe'
- '<SYSTEM32>\attrib.exe' <SYSTEM32>\win.mp3 +h
- '<SYSTEM32>\attrib.exe' %WINDIR%\system\CTFM0N.exe +h
- '<SYSTEM32>\attrib.exe' <SYSTEM32>\SVCH0ST.exe +h
- <SYSTEM32>\SVCH0ST.exe
- %WINDIR%\system\CTFM0N.exe
- %WINDIR%\system\CTFM0N.exe
- <SYSTEM32>\SVCH0ST.exe