Техническая информация
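- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'Start' = '00000002' (значение 2 — автоматический запуск службы npf, драйвера захвата пакетов WinPcap, при загрузке системы)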
- '%TEMP%\nse2.tmp\ns4.tmp' net start npf
- '%TEMP%\nse2.tmp\ns3.tmp' net stop npf
- '%APPDATA%\kabauth\winpcap-nmap.exe' /S
- '<SYSTEM32>\net1.exe' start npf
- '<SYSTEM32>\net1.exe' stop npf
- '<SYSTEM32>\net.exe' stop npf
- <DRIVERS>\npf.sys
- %TEMP%\nse2.tmp\nsExec.dll
- <SYSTEM32>\WanPacket.dll
- %TEMP%\nse2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kabauth[1].info
- %TEMP%\nse2.tmp\ns3.tmp
- %TEMP%\nse2.tmp\ns4.tmp
- <SYSTEM32>\Packet.dll
- %TEMP%\nse2.tmp\final.ini
- %PROGRAM_FILES%\WinPcap\rpcapd.exe
- %APPDATA%\kabauth\winpcap-nmap.exe
- %TEMP%\nse2.tmp\options.ini
- <SYSTEM32>\pthreadVC.dll
- <SYSTEM32>\wpcap.dll
- %PROGRAM_FILES%\WinPcap\LICENSE
- %PROGRAM_FILES%\WinPcap\uninstall.exe
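(Примечание: заголовки разделов, по-видимому, утрачены при извлечении текста. Пути ниже повторяют временные файлы из предыдущего списка; вероятно, это отдельный перечень — например, файлов, удаляемых после установки. Требует сверки с оригиналом описания.)
- %TEMP%\nse2.tmp\options.ini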
- %TEMP%\nse2.tmp\nsExec.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kabauth[1].info
- %TEMP%\nse2.tmp\System.dll
- %TEMP%\nse2.tmp\ns3.tmp
- %APPDATA%\kabauth\winpcap-nmap.exe
- %TEMP%\nse2.tmp\final.ini
- %TEMP%\nse2.tmp\ns4.tmp
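- 'www.te##net.ru':80 (символы ## — по-видимому, маскировка части доменного имени в исходном описании; полное имя на странице не приведено)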
- '<IP-адрес в локальной сети>':8316
- www.te##net.ru/files/kabauth.info
- DNS ASK www.te##net.ru
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'