Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinDivert1.4] 'ImagePath' = '%TEMP%\WinDivert64.sys'
- DNS server to '127.0.0.1'
- %TEMP%\goodbyedpi.exe
- %TEMP%\windivert.dll
- %TEMP%\windivert64.sys
- DNS ASK microsoft.com
- '%TEMP%\goodbyedpi.exe'
- '%WINDIR%\syswow64\netsh.exe' dnsclient delete dnsserver "Local Area Connection" all
- '%WINDIR%\syswow64\netsh.exe' dnsclient add dnsserver "Local Area Connection" 127.0.0.1 1