Техническая информация
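- [<HKLM>\SYSTEM\ControlSet001\Services\WinLogon] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; имя службы, по-видимому, выбрано по сходству с системным процессом winlogon.exe)
- [<HKLM>\SYSTEM\ControlSet001\Services\ahnurla] 'Start' = '00000002' (автоматический запуск; имя службы совпадает с именем драйвера <DRIVERS>\ahnurla.sys из этого же списка)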
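- '%WINDIR%\svchost.exe' (штатный svchost.exe находится в <SYSTEM32>; одноимённый файл непосредственно в %WINDIR% — признак маскировки под системный процесс, путь запуска стоит проверять при обнаружении)
- '%WINDIR%\svchost.exe' -install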
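- '<SYSTEM32>\net1.exe' stop sharedaccess (остановка службы SharedAccess; в Windows XP это служба «Брандмауэр Windows/Общий доступ к Интернету (ICS)», то есть отключается встроенный межсетевой экран)
- '<SYSTEM32>\net.exe' stop sharedaccess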
- %WINDIR%\Explorer.EXE
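- NtQueryDirectoryFile, драйвер-обработчик: unknown (функция перечисления файлов в каталоге)
- NtEnumerateValueKey, драйвер-обработчик: unknown (функция перечисления значений ключа реестра)
- NtEnumerateKey, драйвер-обработчик: unknown (функция перечисления подключей реестра; перехват этих трёх функций характерен для руткитов и, вероятно, используется для сокрытия файлов и записей реестра, поэтому результаты обычного просмотра диска и реестра на заражённой системе могут быть неполными)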
- %WINDIR%\svchost.exe
- <SYSTEM32>\olesau32.dll
- %WINDIR%\mealive.dat
- %TEMP%\del289a8.bat
- %WINDIR%\olesau32.dll
- <DRIVERS>\ahnurla.sys
- %WINDIR%\setupball.bmp
- %WINDIR%\version.dat
- %WINDIR%\wintmp.dat
- %WINDIR%\winurl.dat
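- 'www.ch##net.net':80 (символы ## — по-видимому, намеренно скрытая в описании часть имени домена; в таком виде строка не является точным индикатором для сетевых фильтров)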
- www.ch##net.net/cha/board.asp
- DNS ASK www.ch##net.net
- ClassName: 'Progman' WindowName: 'Program Manager'