Техническая информация
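Записи реестра в списке разрешённых приложений брандмауэра Windows (FirewallPolicy\StandardProfile\AuthorizedApplications\List). Имя параметра указывает на messenger.exe, а значение разрешает svchosl.exe — имя, на одну букву отличающееся от системного svchost.exe:
- [<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\messenger.exe' = '<SYSTEM32>\svchosl.exe:*:Enabled:svchosl'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\messenger.exe' = '<SYSTEM32>\svchosl.exe:*:Enabled:svchosl'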
- <SYSTEM32>\svchosl.exe 1580 "%WINDIR%\svchosl.exe"
- %WINDIR%\svchosl.exe
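Классы и заголовки окон, относящиеся к утилитам мониторинга и отладки (Process Monitor, Regmon, Filemon, OllyDbg; 'GBDYLLO' — это 'OLLYDBG', записанное в обратном порядке). Вероятно, образец ищет эти окна, чтобы обнаружить средства анализа:
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'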
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: 'pediy06' WindowName: ''
- %WINDIR%\svchosl.exe
- <SYSTEM32>\svchosl.exe
- %TEMP%\gert0.dll
- %TEMP%\ci0-temp\bot bien 2.set
- <SYSTEM32>\svchosl.exe
- %WINDIR%\svchosl.exe
- %WINDIR%\svchosl.exe
- %TEMP%\gert0.dll
- %TEMP%\ci0-temp\bot bien 2.set
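Сетевая активность. Порт 6667 обычно используется протоколом IRC, что согласуется с классом окна 'mIRC' в списке ниже; имя узла на странице частично скрыто символами #:
- 'bu####and.hopto.org':6667
- DNS ASK bu####and.hopto.org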
- ClassName: 'mIRC' WindowName: ''
- ClassName: '18467-41' WindowName: ''