Technical Information
Registry values (service keys whose 'ImagePath' points to a driver file):
- [<HKLM>\System\CurrentControlSet\Services\PassProtect] 'ImagePath' = '%ProgramFiles%\sys\PassProtect.sys'
- [<HKLM>\System\CurrentControlSet\Services\PassProtect64] 'ImagePath' = '%ProgramFiles%\sys\PassProtect64.sys'
Services (service name, then driver image path):
- 'PassProtect' %ProgramFiles%\sys\PassProtect.sys
- 'PassProtect64' %ProgramFiles%\sys\PassProtect64.sys
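File paths under %ProgramFiles%\sys (the .sys names appear here in lower case and elsewhere on this page in mixed case; Windows paths are case-insensitive, so match them without regard to case):
- %ProgramFiles%\sys\cmd.bat
- %ProgramFiles%\sys\passprotect.sys
- %ProgramFiles%\sys\passprotect64.sys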
- %WINDIR%\temp\udd5ffa.tmp
- %WINDIR%\temp\udd8259.tmp
- %WINDIR%\temp\udd5ffa.tmp
- %WINDIR%\temp\udd8259.tmp
- ClassName: 'EDIT' WindowName: ''
Command lines (cmd.exe runs the batch file; sc.exe registers each .sys file as a demand-start kernel service and then starts it):
- '%WINDIR%\syswow64\cmd.exe' /c ""%ProgramFiles%\sys\cmd.bat" "
- '%WINDIR%\syswow64\sc.exe' create PassProtect binpath= "%ProgramFiles%\sys\PassProtect.sys" type= kernel start= demand
- '%WINDIR%\syswow64\sc.exe' start PassProtect
- '%WINDIR%\syswow64\sc.exe' create PassProtect64 binpath= "%ProgramFiles%\sys\PassProtect64.sys" type= kernel start= demand
- '%WINDIR%\syswow64\sc.exe' start PassProtect64