Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'cftmon' = '%WINDIR%\cftmon.exe'
- User Account Control (UAC)
- Handler library for all processes: %WINDIR%\ntdtcstp.dll
- %TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
- %WINDIR%\cftmon.exe
- %WINDIR%\ntdtcstp.dll
- %WINDIR%\cmsetac.dll
- %TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
- DNS ASK cs##.hopto.org
- '%TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$'
- '%WINDIR%\cftmon.exe' \melt "%TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"
- '%WINDIR%\cftmon.exe' \melt "%TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" (with hidden window)
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv