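Техническая информация
Ниже перечислены наблюдаемые действия: изменение параметра службы npf в реестре, запуск команд, список затронутых файлов и поиск окна по имени класса. Файлы из %TEMP%\nsu2.tmp и %APPDATA%\kabauth\winpcap-nmap.exe приведены дважды — вероятно, как созданные и затем удалённые; заголовки подразделов в записи не сохранились.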
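- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'Start' = '00000002' — значение 2 задаёт автоматический запуск службы npf (драйвер захвата пакетов WinPcap, см. npf.sys ниже) при загрузке системы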
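- %APPDATA%\kabauth\winpcap-nmap.exe /S — установщик WinPcap запускается из каталога профиля пользователя без отображения интерфейса; судя по nsExec.dll и System.dll во временном каталоге, это установщик NSIS, для которого /S — ключ тихой установки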
- <SYSTEM32>\net1.exe start npf
- <SYSTEM32>\net1.exe stop npf
- <SYSTEM32>\net.exe stop npf
- %TEMP%\nsu2.tmp\System.dll
- <SYSTEM32>\WanPacket.dll
- <SYSTEM32>\Packet.dll
- <DRIVERS>\npf.sys
- %TEMP%\nsu2.tmp\ns4.tmp
- %TEMP%\nsu2.tmp\ns3.tmp
- %TEMP%\nsu2.tmp\nsExec.dll
- <SYSTEM32>\wpcap.dll
- %TEMP%\nsu2.tmp\final.ini
- %TEMP%\nsu2.tmp\options.ini
- %APPDATA%\kabauth\winpcap-nmap.exe
- %PROGRAM_FILES%\WinPcap\rpcapd.exe
- <SYSTEM32>\pthreadVC.dll
- %PROGRAM_FILES%\WinPcap\uninstall.exe
- %PROGRAM_FILES%\WinPcap\LICENSE
- %TEMP%\nsu2.tmp\nsExec.dll
- %TEMP%\nsu2.tmp\options.ini
- %TEMP%\nsu2.tmp\System.dll
- %TEMP%\nsu2.tmp\final.ini
- %APPDATA%\kabauth\winpcap-nmap.exe
- %TEMP%\nsu2.tmp\ns3.tmp
- %TEMP%\nsu2.tmp\ns4.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '' — Shell_TrayWnd — класс окна панели задач Windows