Техническая информация
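- Запись автозапуска в реестре (ключ Run, значение выполняется при каждом входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctpop' = '%PROGRAM_FILES%\ctpop\ctpop.exe'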
- %TEMP%\dataup.exe
- %PROGRAM_FILES%\ctpop\ctpop.exe
- %PROGRAM_FILES%\ctpop\cnexe.exe
- %TEMP%\dataup.exe (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %TEMP%\dataup.exe
- %TEMP%\nsj4.tmp\NSISdl.dll
- %TEMP%\nsj4.tmp\SelfDelete.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ctpop[1].xml
- C:\DelUS.bat
- %PROGRAM_FILES%\ctpop\ctpop.exe
- %PROGRAM_FILES%\ctpop\cnexe.exe
- %TEMP%\nsl2.tmp\SelfDelete.dll
- %PROGRAM_FILES%\ctpop\uninst.exe
- %TEMP%\nsj4.tmp\SelfDelete.dll
- %PROGRAM_FILES%\ctpop\cnexe.exe
- %TEMP%\nsl2.tmp\SelfDelete.dll
- %TEMP%\nsj4.tmp\NSISdl.dll
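- 'yo####04.cafe24.com':80 (символы «#» здесь и в строках ниже — маска на месте скрытых символов; адреса и URL приведены не полностью и для точного сопоставления непригодны)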
- 'localhost':1037
- '1.##4.83.91':80
- yo####04.cafe24.com/log/?mo###########################################
- yo####04.cafe24.com/log/ctpop.xml
- 1.##4.83.91/files/dataup.dat
- DNS ASK yo####04.cafe24.com