Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ojukatuk' = '"%WINDIR%\omirkrel.exe"'
- %WINDIR%\syswow64\explorer.exe
- %PROGRAMDATA%\ahuhapywysusomyp\01000000
- %WINDIR%\omirkrel.exe
- %PROGRAMDATA%\ahuhapywysusomyp\02000000
- %PROGRAMDATA%\ahuhapywysusomyp\00000000
- DNS ASK up##.#akawtek.com
- DNS ASK yw##.#akawtek.com
- DNS ASK an######evo.xakawtek.com
- DNS ASK iv#####guq.xakawtek.com
- DNS ASK xg###.xakawtek.com
- DNS ASK il###.xakawtek.com
- '%WINDIR%\syswow64\explorer.exe'
- '<SYSTEM32>\vssvc.exe'