Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SIWIO] 'ImagePath' = '%WINDIR%\TEMP\SiwIo.sys'
- %WINDIR%\temp\siwio.sys
- %WINDIR%\temp\uddf7d4.tmp
- %WINDIR%\temp\udd17a.tmp
- %WINDIR%\temp\udd95a.tmp
- %WINDIR%\temp\udd112b.tmp
- %WINDIR%\temp\udd18fc.tmp
- %WINDIR%\temp\udd20cd.tmp
- %WINDIR%\temp\uddf7d4.tmp
- %WINDIR%\temp\udd17a.tmp
- %WINDIR%\temp\udd95a.tmp
- %WINDIR%\temp\udd112b.tmp
- %WINDIR%\temp\udd18fc.tmp
- %WINDIR%\temp\udd20cd.tmp
- '%WINDIR%\splwow64.exe' 12288