Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfnom' = '%APPDATA%\Dir\ctfnom.exe'
- %APPDATA%\Dir\ctfnom.exe
- %WINDIR%\Dated.dat
- %APPDATA%\Dir\ctfnom.exe
- %TEMP%\~DF255A.tmp
- 'any':2185
- ClassName: 'Indicator' WindowName: ''