Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%PROGRAM_FILES%\Windows Media Player\ctfmon.exe,'
- %PROGRAM_FILES%\Windows Media Player\ctfmon.exe
- iexplore.exe
- %PROGRAM_FILES%\Windows Media Player\ctfmon.exe
- 'lo##.#o-co.co.in':80
- lo##.#o-co.co.in/admin/lod.php?id#########
- DNS ASK lo##.#o-co.co.in