DNS request source-tracing issue (Win7)

| Malware family | Hash | DNS request domain | Traced PID | Process file path | Actually the malicious process? | |
| --- | --- | --- | --- | --- | --- | --- |
| 麻辣香锅 (Mala Xiangguo) | 0884de2c7ba6fb111e1483c46bfd35d4be634231719d6cec6a0b5dc7d09bd40f | du.testjj.com | 916 | svchost -k netsvcs | | |
| 麻辣香锅 (Mala Xiangguo) | 66384db4fc752b8e3e83a2058ca79b408a1d27cb4c2734fffee510ecbc08c7cd | db.testyk.com | 808 | svchost -k LocalServices…… | | |
| Ramnit | 1cfba19903d814bb446d145c123f3d96c415199333f62870ff05615cfbe3f3cc | fget-career.com | 808 | svchost -k LocalServices…… | | |
| Covert ad-traffic brushing (广告暗刷) | ebfb262ec1229bc9ba32fb173ec943f1d7e9ad1a8197633a0e14c80eddd9f008 | xz.8dashi.com | 808 | svchost -k LocalServices | | |
| WannaMine | 86405122537d611fbbfcc26dc880d88567c2a95fecb95aa48e0391e997c9b816 | task.attendecr.com | 1452 | spool.exe | Yes | |
| xred\Darkkomet | c323d49f16e6ad3a8f3f1ca78249385d703db2e33722476424ac3536f7043748 | xred.mooo.com | 916 | svchost -k netsvcs | | |
| miniast miner | 76de00c255808d77fcd4e9b524b76f89d75790923d9f87c3b3f32ad0e562563d | sim.miniast.com | 808 | svchost -k LocalServices…… | | |
| H-Worm | 313e3a7017eb6330def1411a7b5cfbd7e03c974f9863c02bc6a73a94b95f02a5 | maroco.myq-see.com | 1684 | wscript | Yes | Malicious .wsf file executed |
| 驱动人生 (DriveTheLife) | 58cc154a3b2ef5bb8e21245534e5cbe0571c2f5f8cc5b7ea39b8f782c43aa901 | info.amynx.com | 1068 | svchost -k NetWorkService | | |
| 老裁缝 (Old Tailor) | 8a9e0e85566de08c686c2f8787e00843cdb13ee4623a3e26fa350507972a8bb0 | down.w7q.net | 340 | svchost -k LocalServices…… | | |
| | | rl1.w7q.net | 1320 | explorer.exe | Yes | Covert traffic-brushing address |
| | | | 1068 | svchost -k NetWorkService | | |
| WannaCry ransomware | 49e8d4991eca6a3f52c688d6398f9e166b7cf1b41ff7b0541e4adb6bc395cfe9 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 808 | svchost -k LocalServices…… | | |
