Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'KeApplet' = '"%TEMP%\ke64uhiljylu.exe"'
- %WINDIR%\Explorer.EXE
- opera.exe
- %TEMP%\2.m.log
- %TEMP%\1.m.log
- %APPDATA%\Help\ceptr.tll
- %TEMP%\ke64uhiljylu.exe
- %APPDATA%\Help\comm.tll
- 'www.pk###-dki.com':80
- 'www.in###ebsite.com':80
- 'www.se#####itramobil.com':80
- 'www.po###desain.com':80
- 'www.ba###lmu.web.id':80
- '4t####ension.co.in':80
- '20#.#39.119.95':80
- 'www.as#####ibinagriya.com':80
- 'www.ga###igadai.com':80
- www.pk###-dki.com/media/g.php
- www.in###ebsite.com/img/g.php
- www.se#####itramobil.com/images/g.php
- www.po###desain.com/cr/g.php
- www.ba###lmu.web.id/index/g.php
- 4t####ension.co.in/admin/g.php
- 20#.#39.119.95/sec/g.php
- www.as#####ibinagriya.com/admin/g.php
- www.ga###igadai.com/admin/g.php
- DNS ASK www.pk###-dki.com
- DNS ASK www.in###ebsite.com
- DNS ASK www.se#####itramobil.com
- DNS ASK www.po###desain.com
- DNS ASK www.ga###igadai.com
- DNS ASK 4t####ension.co.in
- DNS ASK www.ba###lmu.web.id
- DNS ASK www.as#####ibinagriya.com