Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'KeApplet' = '"%TEMP%\ke64eenuu.exe"'
- %WINDIR%\Explorer.EXE
- iexplore.exe
- opera.exe
- chrome.exe
- firefox.exe
- %TEMP%\2.m.log
- %TEMP%\1.m.log
- %APPDATA%\Help\ceptr.tll
- %TEMP%\ke64eenuu.exe
- %APPDATA%\Help\comm.tll
- 'www.ro##iri.it':80
- 'www.om###italy.com':80
- 'www.pu#####imatizzatori.it':80
- 'www.sc####blabicoca.it':80
- 'www.au###idente.com':80
- 'www.de####rcupine.com':80
- 'www.di###alia.it':80
- 'www.ka####factory.com':80
- 'www.de####isgioielli.it':80
- 'www.co#####niocornareno.com':80
- 'www.or###maniei.com':80
- www.ro##iri.it/cgi-bin/g.php
- www.om###italy.com/cgi-bin/g.php
- www.pu#####imatizzatori.it/cgi-bin/g.php
- www.sc####blabicoca.it/cgi-bin/g.php
- www.au###idente.com/cgi-bin/g.php
- www.de####rcupine.com/ndxz-studio/lib/g.php
- www.di###alia.it/cgi-bin/g.php
- www.ka####factory.com/vecchiardo2009/cgi-bin/g.php
- www.de####isgioielli.it/cgi-bin/g.php
- www.co#####niocornareno.com/cgi-bin/g.php
- www.or###maniei.com/cgi-bin/g.php
- DNS ASK www.ro##iri.it
- DNS ASK www.om###italy.com
- DNS ASK www.pu#####imatizzatori.it
- DNS ASK www.sc####blabicoca.it
- DNS ASK www.au###idente.com
- DNS ASK www.de####rcupine.com
- DNS ASK www.di###alia.it
- DNS ASK www.ka####factory.com
- DNS ASK www.de####isgioielli.it
- DNS ASK www.co#####niocornareno.com
- DNS ASK www.or###maniei.com