Техническая информация
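- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Web Event Lo<Имя файла>' = '{79FEACFF-FFCE-815E-A900-316290B5B738}' (ключ автозапуска: COM-объект с указанным CLSID загружается процессом Explorer при старте оболочки)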
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
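- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1601' = '00000000'
  (параметр 1601 управляет отправкой незашифрованных данных форм; значение 0 разрешает её без запроса; параметр изменён во всех зонах безопасности Internet Explorer, 0–4)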
- <SYSTEM32>\hocffjip.exe
- <SYSTEM32>\mndibp32.dll
- <SYSTEM32>\surf.dat
- '<SYSTEM32>\hocffjip.exe'
- '<SYSTEM32>\hocffjip.exe' (со скрытым окном)