Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}' = 'hook dll rising'
- %WINDIR%\AhnRpta.exe
- %WINDIR%\AhnRpta.exe
- <SYSTEM32>\softqq0.dll
- \Device\HarddiskVolume1
- <DRIVERS>\cdaudio.sys