Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a1401f4f65b846bd.exe' = '"<LS_APPDATA>\a1401f4f65b846bd.exe" /autorun'
- [<HKLM>\SYSTEM\ControlSet001\Services\c5787a4a1fd95077] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\c5787a4a1fd95077] 'ImagePath' = '<DRIVERS>\c5787a4a1fd95077.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2351f] 'Start' = '00000001'
- <LS_APPDATA>\a1401f4f65b846bd.exe
- NtOpenThread, handler: unknown
- NtOpenProcess, handler: unknown
- <DRIVERS>\c5787a4a1fd95077.sys
- <DRIVERS>\2351f.sys
- <LS_APPDATA>\a1401f4f65b846bd.exe
- from <Full path to virus> to %TEMP%\96b53c8e.tmp
- '17#.#3.141.209':80
- 17#.#3.141.209/debug2.php?id#######################
- 17#.#3.141.209/debug2.php?id########################
- 17#.#3.141.209/debug2.php?id#####################
- 17#.#3.141.209/debug2.php?id####################
- ClassName: 'Indicator' WindowName: ''