Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\.svchost] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
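- [<HKLM>\System\CurrentControlSet\Services\.svchost] 'ImagePath' = '%CommonProgramFiles(x86)%\Microsoft\svchost.exe' (штатный svchost.exe находится в %WINDIR%\System32; файл с этим именем в другом каталоге — признак маскировки под системный процесс)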
- [<HKLM>\SYSTEM\CurrentControlSet\Services\QAssist] 'Start' = '00000001' (значение 1 — драйвер запускается при инициализации системы)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\QAssist] 'ImagePath' = 'system32\DRIVERS\QAssist.sys'
- '.svchost' %CommonProgramFiles(x86)%\Microsoft\svchost.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\QAssist] 'Group' = 'FSFilter Activity Monitor' (группа загрузки мини-фильтров файловой системы, наблюдающих за файловыми операциями)
- ClassName: 'OLLYDBG', WindowName: '' (поиск окна отладчика OllyDbg по имени класса — по-видимому, проверка на наличие средств анализа)
- %CommonProgramFiles(x86)%\microsoft\svchost.exe
- <DRIVERS>\qassist.sys
- %WINDIR%\temp\uddf99a.tmp
- %WINDIR%\temp\udd187.tmp
- %WINDIR%\temp\udd964.tmp
- %WINDIR%\temp\udd1142.tmp
- %WINDIR%\temp\udd191f.tmp
- %WINDIR%\temp\udd20fd.tmp
- %CommonProgramFiles(x86)%\microsoft\svchost.exe
- %WINDIR%\temp\uddf99a.tmp
- %WINDIR%\temp\udd187.tmp
- %WINDIR%\temp\udd964.tmp
- %WINDIR%\temp\udd1142.tmp
- %WINDIR%\temp\udd191f.tmp
- %WINDIR%\temp\udd20fd.tmp
- 'localhost':8585
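- 'ji##i.ink':8585 (символы «##» недопустимы в доменном имени — часть имени, по-видимому, замаскирована в исходном описании)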
- DNS ASK ji##i.ink
- '%CommonProgramFiles(x86)%\microsoft\svchost.exe'
- '%CommonProgramFiles(x86)%\microsoft\svchost.exe' Win7
- '%WINDIR%\syswow64\cmd.exe' /c del <Полный путь к файлу> > nul (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c del <Полный путь к файлу> > nul