Technical Information
- [HKLM\System\CurrentControlSet\Services\VirtualDrive] 'ImagePath' = '%TEMP%\RarSFX0\vdd-x64.sys'
- 'VirtualDrive' \\?\%TEMP%\RarSFX0\vdd-x64.sys
- 'VirtualDrive' %TEMP%\RarSFX0\vdd-x64.sys
- %TEMP%\rarsfx0\virtual drive manager.exe
- %TEMP%\rarsfx0\vdd-x86.sys
- %TEMP%\rarsfx0\vdd-x64.sys
- %WINDIR%\temp\udd5273.tmp
- %WINDIR%\temp\udd5a7f.tmp
- %WINDIR%\temp\udd626c.tmp
- %WINDIR%\temp\udd6a3a.tmp
- %WINDIR%\temp\udd7217.tmp
- %WINDIR%\temp\udd79e5.tmp
- %WINDIR%\temp\udd5273.tmp
- %WINDIR%\temp\udd5a7f.tmp
- %WINDIR%\temp\udd626c.tmp
- %WINDIR%\temp\udd6a3a.tmp
- %WINDIR%\temp\udd7217.tmp
- %WINDIR%\temp\udd79e5.tmp
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\virtual drive manager.exe'