Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}] 'Exec' = 'http://www.iexplorerfiles.com/redirect.php'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] 'start' = '%PROGRAM_FILES%\Applications\iebtm.exe'
- '%PROGRAM_FILES%\Applications\iebtmm.exe'
- '%PROGRAM_FILES%\Applications\iebtm.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hdyj0.bat" "
- %PROGRAM_FILES%\Applications\iebt.dll
- %PROGRAM_FILES%\Applications\iebtmm.exe
- %TEMP%\hdyj0.bat
- %PROGRAM_FILES%\Applications\iebtm.exe
- %PROGRAM_FILES%\Applications\iebtu.exe