Техническая информация
- <SYSTEM32>\taskshell.exe
- [<HKLM>\System\CurrentControlSet\Services\NPF] 'Start' = '00000002' (2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\NPF] 'ImagePath' = '<DRIVERS>\npf.sys'
- [<HKLM>\System\CurrentControlSet\Services\WinInsideSvc] 'Start' = '00000002' (2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\WinInsideSvc] 'ImagePath' = '%WINDIR%\winisvc.exe'
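- <SYSTEM32>\packet.dll
- <SYSTEM32>\wpcap.dll
- <DRIVERS>\npf.sys (packet.dll, wpcap.dll и npf.sys — имена файлов библиотеки перехвата сетевых пакетов WinPcap; такие же файлы и служба NPF присутствуют в её легитимных установках, поэтому их следует оценивать только вместе с остальными признаками из этого списка)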
- %WINDIR%\winisvc.exe
- %WINDIR%\temp\udd8450.tmp
- %WINDIR%\temp\udd8450.tmp
- 'an#####us668.codns.com':2222
- DNS ASK an#####us668.codns.com
- '%WINDIR%\winisvc.exe'