Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ywphhzljq] 'DLLName' = 'joxmqcln.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ywphhzljq] 'Startup' = 'hutqgxuvtq'
- %WINDIR%\Explorer.EXE
- iexplore.exe
- <SYSTEM32>\joxmqcln.dll
- <SYSTEM32>\aqrpzv.exe
- 're##ct.mobi':80
- re##ct.mobi/IT02/get.php
- DNS ASK re##ct.mobi