Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\hy5.5] 'ImagePath' = '%TEMP%\tD74QF2.sys'
- NtOpenProcess, handler: tD74QF2.sys
- <Current directory>\ProcessExtended.dll
- %TEMP%\tD74QF2.sys
- <Current directory>\ProcessExtended.dll
- %TEMP%\tD74QF2.sys
- %TEMP%\tD74QF2.sys
- '11#.#0.187.134':9004