Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\netfilter] 'ImagePath' = '%APPDATA%\netfilter.sys'
- 'netfilter' %APPDATA%\netfilter.sys
- %APPDATA%\netfilter.sys
- <Current directory>\c.xalm
- <Current directory>\c.xalm
- '45.##3.202.180':608
- '%WINDIR%\syswow64\regini.exe' c.xalm (with hidden window)
- '%WINDIR%\syswow64\regini.exe' c.xalm