Техническая информация
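- [<HKLM>\SYSTEM\ControlSet003\Services\VMwareNkt] 'Start' = '00000002' (здесь и в следующих записях значение 'Start' = 2 означает автоматический запуск службы при загрузке системы)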
- [<HKLM>\SYSTEM\ControlSet001\Services\ycqjnwfl] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\VMwareNkt] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\VMwareNkt] 'Start' = '00000002'
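- '<SYSTEM32>\svchost.exe' -k VMwareNkt (запуск svchost.exe с группой служб VMwareNkt, имя которой совпадает со службой из записей реестра выше)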
- NtQueryDirectoryFile (перехват системного вызова), драйвер-обработчик: ntdxwi.sys
- NtDeviceIoControlFile (перехват системного вызова), драйвер-обработчик: ntdxwi.sys
- <DRIVERS>\ntdxwi.sys
- <SYSTEM32>\ntdxwi.dll
- <SYSTEM32>\000507ad.ini
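- 'ps##.3322.org':80 (сетевое подключение к порту 80; символы «##» в имени узла, по-видимому, замаскированы в исходном отчёте)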
- ps##.3322.org/20130627/182835/323296.jsp
- ps##.3322.org/20130627/182849/336828.jsp
- ps##.3322.org/20130627/182808/296421.jsp
- ps##.3322.org/20130627/182822/309906.jsp
- ps##.3322.org/20130627/182902/350203.jsp
- ps##.3322.org/20130627/182942/390546.jsp
- ps##.3322.org/20130627/182956/403953.jsp
- ps##.3322.org/20130627/182916/363687.jsp
- ps##.3322.org/20130627/182929/377171.jsp
- ps##.3322.org/20130627/182638/205968.jsp
- ps##.3322.org/20130627/182651/219375.jsp
- ps##.3322.org/20130627/182613/181343.jsp
- ps##.3322.org/20130627/182626/193687.jsp
- ps##.3322.org/20130627/182704/232312.jsp
- ps##.3322.org/20130627/182741/269625.jsp
- ps##.3322.org/20130627/182755/283000.jsp
- ps##.3322.org/20130627/182716/243984.jsp
- ps##.3322.org/20130627/182728/256328.jsp
- DNS-запрос: ps##.3322.org