Technical Information
- [HKLM\System\CurrentControlSet\Services\VirtualDrive] 'ImagePath' = '%TEMP%\RarSFX0\vdd-x64.sys'
- 'VirtualDrive' \\?\%TEMP%\RarSFX0\vdd-x64.sys
- 'VirtualDrive' %TEMP%\RarSFX0\vdd-x64.sys
- %TEMP%\rarsfx0\virtual drive manager.exe
- %TEMP%\rarsfx0\vdd-x86.sys
- %TEMP%\rarsfx0\vdd-x64.sys
- %WINDIR%\temp\udd7f3d.tmp
- %WINDIR%\temp\udd872a.tmp
- %WINDIR%\temp\udd8ef8.tmp
- %WINDIR%\temp\udd96c5.tmp
- %WINDIR%\temp\udd9e93.tmp
- %WINDIR%\temp\udda671.tmp
- %WINDIR%\temp\udd7f3d.tmp
- %WINDIR%\temp\udd872a.tmp
- %WINDIR%\temp\udd8ef8.tmp
- %WINDIR%\temp\udd96c5.tmp
- %WINDIR%\temp\udd9e93.tmp
- %WINDIR%\temp\udda671.tmp
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\virtual drive manager.exe'