Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'OYAEPK' = '<LS_APPDATA>\OYAEPK\OYAEPKR.vbs'
- %WINDIR%\syswow64\notepad.exe
- %HOMEPATH%\yar.bmp
- %HOMEPATH%\yarexs.exe
- %HOMEPATH%\icq\yar.ocx
- %APPDATA%\install\host.exe
- %HOMEPATH%\yahoo\oyaepkkss.exe
- %HOMEPATH%\icq\oyaepk.bmp
- <LS_APPDATA>\oyaepk\oyaepkq.bat
- <LS_APPDATA>\oyaepk\oyaepkr.vbs
- %HOMEPATH%\icq\yar.ocx
- %APPDATA%\install\host.exe
- DNS ASK ad####st.ddns.net
- '%HOMEPATH%\yarexs.exe'
- '%APPDATA%\install\host.exe'
- '%HOMEPATH%\yarexs.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe'
- '%WINDIR%\syswow64\notepad.exe'