Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\KingDriver] 'ImagePath' = '%HOMEPATH%\Documents\KingDriver.sys'
- 'KingDriver' %HOMEPATH%\Documents\KingDriver.sys
- csrss.exe
- <Current directory>\ò¸¶á¼ãú¸»öó¼\Г Гø³åä²õê».ink
- <Current directory>\csrss.exe
- %HOMEPATH%\documents\kingdriver.sys
- %WINDIR%\temp\uddbae0.tmp
- <Current directory>\ò¸¶á¼ãú¸»öó¼\Г Гø³åä²õê».lnk
- %WINDIR%\temp\uddbae0.tmp
- from <Current directory>\ò¸¶á¼ãú¸»öó¼\Г Гø³åä²õê».ink to <Current directory>\ò¸¶á¼ãú¸»öó¼\Г Гø³åä²õê».lnk
- from <Full path to file> to %TEMP%\963609\....\temporaryfile
- '<Current directory>\csrss.exe'