Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\COMSysApp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\COMSysApp] 'ImagePath' = '%CommonProgramFiles%\Microsoft Shared\qrucwi.exe comsysapp'
- [<HKLM>\SYSTEM\ControlSet002\Services\COMSysApp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\COMSysApp] 'ImagePath' = '%CommonProgramFiles%\Microsoft Shared\qrucwi.exe comsysapp'
- [<HKLM>\SYSTEM\ControlSet003\Services\COMSysApp] 'Start' = '00000002'
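- [<HKLM>\SYSTEM\ControlSet003\Services\COMSysApp] 'ImagePath' = '%CommonProgramFiles%\Microsoft Shared\qrucwi.exe comsysapp'
  (Значение 'Start' = '00000002' соответствует автоматическому запуску службы при загрузке системы; параметр 'ImagePath' штатной службы Windows COMSysApp во всех трёх наборах ControlSet указывает на qrucwi.exe, поэтому при проверке системы стоит сверять ImagePath этой службы с эталонным значением.)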
- %TEMP%\qrucwi.dll
- %TEMP%\qrucwireg.reg
- %TEMP%\qrucwireg.dll
- %CommonProgramFiles%\microsoft shared\qrucwi.exe
- %CommonProgramFiles%\microsoft shared\qrucwi.dll
- %TEMP%\qrucwireg.dll
- %TEMP%\qrucwireg.reg
- %TEMP%\qrucwi.dll
- '<LOCALNET>.122.1':80
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\qrucwireg.dll",polmxhat (со скрытым окном)
- '%WINDIR%\syswow64\regedit.exe' -s "%TEMP%\qrucwireg.reg" (со скрытым окном)
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\qrucwireg.dll",polmxhat
- '%WINDIR%\syswow64\regedit.exe' -s "%TEMP%\qrucwireg.reg"
- '%WINDIR%\syswow64\rundll32.exe' "%CommonProgramFiles%\Microsoft Shared\qrucwi.dll",polmxhat