Technical Information
- [<HKLM>\System\CurrentControlSet\Services\ias] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\ias] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\ias\Parameters] 'ServiceDll' = '<SYSTEM32>\fbwau.map'
- \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
- %TEMP%\1334338.log
- <SYSTEM32>\config\appevent.evt
- <SYSTEM32>\config\secevent.evt
- from %TEMP%\1334338.log to <SYSTEM32>\fbwau.map
- 'a.####gmaotong.cn':1120
- DNS ASK a.####gmaotong.cn