Техническая информация
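- [<HKLM>\SYSTEM\ControlSet001\Services\Application Information Driver] 'Start' = '00000002' (Start = 2 — автоматический запуск службы при загрузке системы; это соответствует параметру start= auto в команде sc.exe create ниже)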
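- <DRIVERS>\svchost.exe (имя совпадает с системным процессом, но штатный svchost.exe находится в <SYSTEM32>; исполняемый файл с таким именем в каталоге драйверов — признак маскировки)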
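- <SYSTEM32>\sc.exe description "Application Information Driver" "Facilitates the drivers of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks." (имя и описание почти дословно повторяют штатную службу Windows Application Information (Appinfo); при проверке ориентироваться следует на путь к исполняемому файлу службы, а не на её имя и описание)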
- <SYSTEM32>\sc.exe config "Application Information Driver" type= own type= interact
- <SYSTEM32>\sc.exe create "Application Information Driver" binpath= <DRIVERS>\mdm.exe start= auto
- <DRIVERS>\tmr128.sys
- <DRIVERS>\tmexup128.sys
- <DRIVERS>\setup.1
- <DRIVERS>\nt32corp.sys
- <DRIVERS>\mdm.exe
- <DRIVERS>\ereq.sys
- <DRIVERS>\tmu128.sys
- <DRIVERS>\svchost.exe
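- 'ft#.##nnybabes.net':21 (порт 21 — FTP)
- 'ti###tar.net':21 (порт 21 — FTP)
- 'sm##.gmail.com':587 (порт 587 — отправка почты по SMTP)
- 'wp#d':80 (порт 80 — HTTP)
- 'ip#####p.flashfxp.com':80 (порт 80 — HTTP)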
- ip#####p.flashfxp.com/
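- wp#d/wpad.dat (запрос файла автонастройки прокси WPAD; такой запрос обычно формирует сама система, поэтому сам по себе он, вероятно, не является индикатором заражения)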
- DNS ASK www.google.com
- DNS ASK ft#.##nnybabes.net
- DNS ASK ti###tar.net
- DNS ASK wp#d
- DNS ASK ip#####p.flashfxp.com
- DNS ASK sm##.gmail.com