Technical Information
- <SYSTEM32>\svchost.exe
- NtQueryDirectoryFile, handler: Xctortxa.sys
- NtQuerySystemInformation, handler: Xctortxa.sys
- NtQueryValueKey, handler: Xctortxa.sys
- NtDeviceIoControlFile, handler: Xctortxa.sys
- NtEnumerateKey, handler: Xctortxa.sys
- NtEnumerateValueKey, handler: Xctortxa.sys
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\index[1].asp
- <DRIVERS>\Xctortxa.sys
- <SYSTEM32>\Xctortxa.d1l
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\index[1].asp
- 'pc###.3322.org':80
- pc###.3322.org/index.asp?50##########
- DNS ASK pc###.3322.org