Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'cftmon' = '%WINDIR%\cftmon.exe'
- User Account Control (UAC)
- Handler for all processes: %WINDIR%\ntdtcstp.dll
- %TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
- %WINDIR%\cftmon.exe
- %WINDIR%\ntdtcstp.dll
- %WINDIR%\cmsetac.dll
- %TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
- DNS ASK cs##.hopto.org
- '%TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$'
- '%WINDIR%\cftmon.exe' \melt "%TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"
- '%WINDIR%\cftmon.exe' \melt "%TEMP%\gkl0ceee5sdh.jhg3hkdcsfm.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" (with hidden window)
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv