Technical Information
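- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'scsysdel1' = 'cmd.exe /c del "<DRIVERS>\snapman.sys" && del "<DRIVERS>\fltsrv.sys" && del "<DRIVERS>\volume_tracker.sys"'
  (A RunOnce value is executed once, at that user's next logon, and is then removed from the key. The command shown deletes the three listed driver files, so they may no longer be on disk when the host is examined.)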
- [<HKLM>\System\CurrentControlSet\Services\fltsrv] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\fltsrv] 'ImagePath' = 'System32\drivers\fltsrv.sys'
- [<HKLM>\System\CurrentControlSet\Services\snapman] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\snapman] 'ImagePath' = 'System32\drivers\snapman.sys'
  (A 'Start' value of 0 registers the driver as boot-start: it is loaded by the operating system loader during early boot, before services and user-mode programs start.)
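- 'fltsrv' System32\drivers\fltsrv.sys
- 'snapman' System32\drivers\snapman.sys
  (Each entry is a service name followed by its driver image path. These file names appear to match drivers shipped with legitimate disk-imaging software, so a name match alone does not indicate compromise. Check the file's signature and hash before treating it as malicious.)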
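- %TEMP%\aut6e7b.tmp
- %TEMP%\3044gutwgqy
- %TEMP%\aut6e7b.tmp
- %TEMP%\3044gutwgqy
  (The same two temporary files are listed twice. The section labels that distinguished the two lists are missing from this copy; presumably one list is files created and the other is files deleted, which should be confirmed against the original report.)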