Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cgtitan' = '<SYSTEM32>\cgtitan.exe'
- '<SYSTEM32>\kem.exe'
- '<SYSTEM32>\cgtitan.exe'
- '<SYSTEM32>\kem.exe' (downloaded from the Internet)
- '<SYSTEM32>\sc.exe' delete mydriver
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 10
- '<SYSTEM32>\sc.exe' create MyDriver binpath= "%TEMP%\record.tmp" type= kernel
- '<SYSTEM32>\reg.exe' ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v cgtitan /t REG_SZ /d <SYSTEM32>\cgtitan.exe /f
- '<SYSTEM32>\taskkill.exe' -f -im <Virus name>.exe
- <SYSTEM32>\cgtitan.exe
- <SYSTEM32>\kem.exe
- %TEMP%\cgtitan.bat
- <SYSTEM32>\cgtitan.exe
- %TEMP%\~DFC979.tmp
- %TEMP%\~DF17FA.tmp
- 'www.ev###stx.info':80
- www.ev###stx.info/b.txt?18
- DNS ASK www.ev###stx.info
- ClassName: '(null)' WindowName: '(null)'