Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\qvvshe] 'ImagePath' = '%TEMP%\d4fbd6404bdd28dfdb60f8fbd42042f4\<File name>.sys'
- [<HKLM>\System\CurrentControlSet\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}] 'ImagePath' = 'system32\drivers\Wdf72409.sys'
- 'qvvshe' %TEMP%\d4fbd6404bdd28dfdb60f8fbd42042f4\<File name>.sys
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\d4fbd6404bdd28dfdb60f8fbd42042f4\<File name>.sys
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://x5.##tocz.com/000/0008
- http://s1.##tocz.com/wp1300074zvxg7zjl21a98
- http://s1.##tocz.com/lz08h8la32083669l40r2zn200
- DNS ASK ip###ger.org
- DNS ASK s1.##tocz.com
- DNS ASK x5.##tocz.com
- '<Full path to file>' (with hidden window)