Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\peoqf] 'ImagePath' = '%TEMP%\0dfd4424fbf08f40b4664d02dd62f6ff\<File name>.sys'
- [<HKLM>\System\CurrentControlSet\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}] 'ImagePath' = 'system32\drivers\Wdf34247.sys'
- 'peoqf' %TEMP%\0dfd4424fbf08f40b4664d02dd62f6ff\<File name>.sys
- %TEMP%\0dfd4424fbf08f40b4664d02dd62f6ff\<File name>.sys
- '<Full path to file>' ' (with hidden window)