Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\ESDF] 'ImagePath' = '<SYSTEM32>\ESDF.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\EsdDemon1] 'ImagePath' = '<SYSTEM32>\EsdDemon.exe'
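- [<HKLM>\SYSTEM\ControlSet001\Services\EsdDemon1] 'Start' = '00000002' (Start value 2 is the automatic start type: the service control manager launches EsdDemon1, and with it <SYSTEM32>\EsdDemon.exe, at every system startup)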
- '<SYSTEM32>\EsdDemon.exe'
- <SYSTEM32>\ESDF.sys
- %TEMP%\Uto2.tmp
- %TEMP%\MSA1.tmp
- from %TEMP%\Uto2.tmp to <SYSTEM32>\EsdDemon.exe
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)