Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'KeApplet' = '%TEMP%\ke64xqkasfx.exe'
- '%TEMP%\ke64xqkasfx.exe'
- %WINDIR%\Explorer.EXE
- opera.exe
- %TEMP%\2.m.log
- %TEMP%\1.m.log
- %APPDATA%\Help\ceptr.tll
- %TEMP%\ke64xqkasfx.exe
- %APPDATA%\Help\comm.tll
- 'oz##ber.com':80
- 'www.ne###presso.fr':80
- '20#.#2.176.62':80
- http://oz##ber.com/com/g.php
- http://www.ne###presso.fr/g.php
- http://20#.#2.176.62/cacti/lib/g.php
- DNS ASK oz##ber.com
- DNS ASK www.ne###presso.fr