Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'IEXPLORE.EXE' = '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'IEXPLORE.EXE' = '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE
- %WINDIR%\$NtUninstallKB922582$\fltmkb.dll
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE
- <Current directory>\~a
- <Current directory>\~a
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE to %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE
- 'www.he###lley.com':80
- 'www.km##3.com':80
- www.he###lley.com/ezmly/ver.txt
- www.he###lley.com/ezmly/SomeUpVer.txt
- www.he###lley.com/ezmly/dizhi.gif
- www.km##3.com/ezmly/bak.txt
- www.he###lley.com/ezmly/app.txt
- www.he###lley.com/ezmly/hostlist.txt
- DNS ASK www.he###lley.com
- DNS ASK www.km##3.com