Техническая информация
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Web Event Logger' = '{79FEACFF-FFCE-815E-A900-316290B5B738}'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1601' = '00000000'
- <SYSTEM32>\ghfhmc32.exe
- <SYSTEM32>\mckkbj32.dll
- <SYSTEM32>\surf.dat
- %TEMP%\oemldgkh.htm
- %TEMP%\ojfdqdlh.htm
- ClassName: 'IEFrame' WindowName: 'MicroSoft-Corp1 - Microsoft Internet Explorer'
- ClassName: 'IEFrame' WindowName: 'MicroSoft-Corp2 - Microsoft Internet Explorer'
- ClassName: '' WindowName: ''
- '<SYSTEM32>\ghfhmc32.exe'
- '<SYSTEM32>\ghfhmc32.exe' ' (со скрытым окном)
- '%ProgramFiles%\internet explorer\iexplore.exe' %TEMP%\oemldgkh.htm
- '%ProgramFiles%\internet explorer\iexplore.exe' %TEMP%\ojfdqdlh.htm
- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\Microsoft Office\Office12\GrooveUtil.DLL",GetResourceModulePath bZX708rcyaVj8emspwr+R+/iH1TyLC3C
- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\Microsoft Office\Office12\GrooveUtil.DLL",GetResourceModulePath /nz+Vb5JxEaZmJBp+Jw5A2Vdjg+9k/W2