Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'IEXPLORE.EXE' = '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'IEXPLORE.EXE' = '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- '%PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE'
- %WINDIR%\$NtUninstallKB922582$\fltmkb.dll
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE
- <Current directory>\~a
- <Current directory>\~a
- from %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE to %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE
- 'www.km##yc.com':80
- 'www.st###hoof.com':80
- www.km##yc.com/sjy/hostlist.htm
- www.km##yc.com/sjy/app.htm
- www.st###hoof.com/sjy/bak.htm
- DNS ASK www.km##yc.com
- DNS ASK www.st###hoof.com