Техническая информация
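- [<HKLM>\SYSTEM\ControlSet001\Services\WinLogon] 'Start' = '00000002' — значение 2 означает автоматический запуск службы при загрузке системы
- [<HKLM>\SYSTEM\ControlSet001\Services\ahnurla] 'Start' = '00000002' — имя службы совпадает с именем файла <DRIVERS>\ahnurla.sys из списка ниже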
- '%WINDIR%\svchost.exe' — файл расположен в %WINDIR%, а не в <SYSTEM32>, где находится штатный svchost.exe
- '%WINDIR%\svchost.exe' -install
- '<SYSTEM32>\dumprep.exe' 1416 -dm 7 7 %TEMP%\WERfee0.dir00\explorer.exe.mdmp 16325836412028084
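- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop sharedaccess — остановка службы SharedAccess (в Windows XP это «Брандмауэр Windows/Общий доступ к Интернету (ICS)»)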
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\svchost.exe
- %WINDIR%\svchost.exe
- <SYSTEM32>\olesau32.dll
- C:\spoolerlogs\spooler.xml
- %TEMP%\del3980b.bat
- %WINDIR%\olesau32.dll
- <DRIVERS>\ahnurla.sys
- %WINDIR%\setupball.bmp
- %WINDIR%\version.dat
- %WINDIR%\wintmp.dat
- %WINDIR%\winurl.dat
- ClassName: 'Progman' WindowName: 'Program Manager'