Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\msloop] 'ImagePath' = 'system32\DRIVERS\loop.sys'
- %TEMP%\i32.exe
- %TEMP%\install.bat
- <DRIVERS>\SET1.tmp
- <DRIVERS>\SET3.tmp
- <SYSTEM32>\dllcache\loop.sys.new
- <DRIVERS>\SET2.tmp
- %WINDIR%\LastGood\TMP6.tmp
- %WINDIR%\Temp\OLD7.tmp
- <DRIVERS>\SET8.tmp
- <DRIVERS>\SET4.tmp
- %WINDIR%\Temp\OLD9.tmp
- <DRIVERS>\SETA.tmp
- <DRIVERS>\SET5.tmp
- %WINDIR%\Temp\OLDB.tmp
- <DRIVERS>\SETC.tmp
- %TEMP%\install.bat
- %TEMP%\i32.exe
- <DRIVERS>\SET1.tmp
- <DRIVERS>\loop.sys
- <DRIVERS>\SET2.tmp
- %WINDIR%\Temp\OLD7.tmp
- <DRIVERS>\SET4.tmp
- <DRIVERS>\SET5.tmp
- %WINDIR%\Temp\OLD9.tmp
- %WINDIR%\Temp\OLDB.tmp
- from <DRIVERS>\SET3.tmp to <DRIVERS>\loop.sys
- from %WINDIR%\LastGood\TMP6.tmp to %WINDIR%\LastGood\system32\DRIVERS\loop.sys
- %TEMP%\i32.exe
- %TEMP%\install.bat
- <DRIVERS>\loop.sys
- <SYSTEM32>\dllcache\loop.sys.new
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\install.bat" "
- '<SYSTEM32>\runonce.exe' -r