Technical Information
- [<HKLM>\System\CurrentControlSet\Services\paddNFk] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\paddNFk] 'ImagePath' = '<DRIVERS>\paddNFk.sys'
- <DRIVERS>\paddnfk.sys
- %WINDIR%\temp\udd12c4.tmp
- <DRIVERS>\etc\hosts
- %WINDIR%\temp\udd12c4.tmp
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcAB1MQ" /S /Q (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcAB1MQ" /S /Q