Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NetScan' = '<Полный путь к файлу>'
- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'ImagePath' = 'system32\drivers\npf.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'ImagePath' = '<DRIVERS>\npf.sys'
- <DRIVERS>\npf.sys
- <SYSTEM32>\Packet.dll
- <SYSTEM32>\wpcap.dll
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\sc.exe' create npf binpath= <DRIVERS>\npf.sys type= kernel start= boot
- '<SYSTEM32>\sc.exe' config npf start= auto
- '<SYSTEM32>\sc.exe' start npf