Техническая информация
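- [<HKLM>\SYSTEM\ControlSet001\Services\symonitor1] 'Start' = '00000002'
  (Примечание: значение Start = 2 соответствует автоматическому запуску службы; это согласуется с параметром `start= auto` в приведённой ниже команде `sc.exe create`.)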
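- <SYSTEM32>\drovers\svchost.exe
  (Примечание: каталог называется именно `drovers`, а не штатный `drivers`. Легитимный svchost.exe находится непосредственно в <SYSTEM32>, поэтому запуск одноимённого файла из другого каталога — признак для детектирования.)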
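- C:\sc.exe start symonitor1
- C:\sc.exe create symonitor1 binpath= <SYSTEM32>\drovers\svchost.exe type= own start= auto Displayname= "Windows System Monitor"
  (Примечание: sc.exe здесь запускается из корня диска C:, а не из <SYSTEM32>. Отображаемое имя службы "Windows System Monitor" не совпадает с её внутренним именем symonitor1, поэтому при поиске нужно проверять оба значения.)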
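- <SYSTEM32>\ntsd.exe -c q -p 1912
- <SYSTEM32>\ntsd.exe -c q -p 1512
  (Примечание: идентификаторы процессов 1912 и 1512 относятся к конкретному запуску образца. Устойчивым признаком служит сам вызов ntsd.exe с параметрами `-c q -p`, а не значения PID.)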
- Drweb32w.exe
- 360tray.exe
- AVP.EXE
- C:\sc.exe
- C:\temp.txt
- %PROGRAM_FILES%\RDT.sys
- <SYSTEM32>\drovers\svchost.exe
- C:\sc.exe
- <SYSTEM32>\drovers\svchost.exe
- %PROGRAM_FILES%\RDT.sys
- C:\temp.txt
- 'any':0
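- 'www.us##5.cn':80
- 'yo####.freehoxt.com':80
  (Примечание: символ `#` недопустим в именах хостов; по-видимому, здесь и ниже им заменены скрытые знаки доменных имён. Для точного сопоставления нужны полные имена, которых на странице нет; из приведённых данных можно использовать видимые части имён и путь `/ipnew.txt`.)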
- www.us##5.cn/ipnew.txt
- yo####.freehoxt.com/ipnew.txt
- DNS ASK www.us##5.cn
- DNS ASK yo####.freehoxt.com