Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\EvMini] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\EvMini] 'ImagePath' = '%CommonProgramFiles%\System\VMware\shadow.exe -Update'
- %CommonProgramFiles%\System\VMware\shadow.exe
- 'en###.3322.org':3389
- DNS ASK en###.3322.org
- '%CommonProgramFiles%\System\VMware\shadow.exe' -Update