Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\WHDMIDE] 'Start' = '00000002' (SERVICE_AUTO_START: the service is started automatically at boot)
- '%PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt' (begins with the MZ DOS header, i.e. a PE executable dropped under a .txt name; the trailing 'ђ' in the raw listing is the header byte 0x90 mis-decoded as Windows-1251)
- '%PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt' (downloaded from the Internet)
- '<SYSTEM32>\taskkill.exe' /f /im Chrome.txt
- '<SYSTEM32>\taskkill.exe' /f /im LMS.dat
- %PROGRAM_FILES%\Hardware Driver Management\id.txt
- %PROGRAM_FILES%\Hardware Driver Management\history.txt
- %PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt
- from <Full path to virus> to %PROGRAM_FILES%\Hardware Driver Management\windriver.exe
- 'ic###azip.com':80
- 'mi##.#xpanel.com':80
- ic###azip.com/
- mi##.#xpanel.com/x86.dat
- mi##.#xpanel.com/report?ha#####################################################################################################################################################################################
- mi##.#xpanel.com/install/start
- mi##.#xpanel.com/install/106:0%20-%3e%20127:2%20-%3e%2065:0%20-%3e%2067:0%20-%3e%2080:0%20-%3e%2081:0%20-%3e%2082:0%20-%3e%2094:0%20-%3e%2095:0 (URL-decodes to '106:0 -> 127:2 -> 65:0 -> 67:0 -> 80:0 -> 81:0 -> 82:0 -> 94:0 -> 95:0')
- mi##.#xpanel.com/line2.txt
- DNS ASK ic###azip.com
- DNS ASK mi##.#xpanel.com
- ClassName: '' WindowName: ''
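The listing above is a raw behaviour record. The Python script below is an added example (not part of the original entry and not Dr.Web's code) showing three checks a responder would run on it: the DOS/PE header check that tells a '.txt' file is really an executable, as Chrome.txt is above; decoding the URL-encoded /install/ request path into readable pairs (the page does not say what the numbers mean); and a process-creation detection for taskkill /im whose target image name lacks an executable extension, as with Chrome.txt and LMS.dat. The PE stub bytes and the process events are constructed inline so the script runs offline; the paths, host names and registry value named in comments are the ones listed above.

```python
"""Triage helpers for the indicators listed above.

Added example, not code from the original entry or from Dr.Web: the sample PE
stub and the process events are constructed here so the script runs offline.
"""
import ntpath
import re
import struct
from urllib.parse import unquote

# Extensions under which a PE image is expected; an MZ header under any other
# name (Chrome.txt in the listing above) is the masquerade we want to flag.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx", ".cpl", ".drv"}


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE signature
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_masquerading_pe(filename: str, data: bytes) -> bool:
    """Flag a file that carries a PE header under a non-executable extension."""
    ext = ntpath.splitext(filename)[1].lower()
    return looks_like_pe(data) and ext not in PE_EXTENSIONS


def build_sample_pe_stub() -> bytes:
    """Constructed minimal DOS/PE header (not a runnable binary) for the demo."""
    stub = bytearray(0x44)
    stub[0:4] = b"MZ\x90\x00"                  # 'MZ' magic, e_cblp = 0x90: reads as 'MZђ' in cp1251
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


def decode_install_path(url_path: str) -> list:
    """Turn '.../install/106:0%20-%3e%20127:2...' into [(106, 0), (127, 2), ...].

    The page does not say what the numbers mean; this only makes them readable.
    """
    tail = url_path.rsplit("/", 1)[-1]
    return [tuple(int(x) for x in pair.split(":"))
            for pair in unquote(tail).split(" -> ")]


TASKKILL_IM = re.compile(r"/im\s+(\S+)", re.IGNORECASE)

# Constructed process-creation events modelled on the two taskkill lines above.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\taskkill.exe", "CommandLine": "taskkill.exe /f /im Chrome.txt"},
    {"Image": r"C:\Windows\System32\taskkill.exe", "CommandLine": "taskkill.exe /f /im LMS.dat"},
    {"Image": r"C:\Windows\System32\taskkill.exe", "CommandLine": "taskkill.exe /f /im notepad.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]


def suspicious_taskkill_targets(events: list) -> list:
    """Return taskkill /im targets whose image name lacks an executable extension."""
    hits = []
    for ev in events:
        if not ev.get("Image", "").lower().endswith("\\taskkill.exe"):
            continue
        for name in TASKKILL_IM.findall(ev.get("CommandLine", "")):
            if ntpath.splitext(name)[1].lower() not in PE_EXTENSIONS:
                hits.append(name)
    return hits


if __name__ == "__main__":
    stub = build_sample_pe_stub()
    print("Chrome.txt is a PE:",
          is_masquerading_pe(r"%PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt", stub))
    print("raw header read as cp1251:", stub[:3].decode("cp1251"))
    print(decode_install_path("mi##.#xpanel.com/install/106:0%20-%3e%20127:2%20-%3e%2065:0%20-%3e%2067:0"))
    print("odd taskkill targets:", suspicious_taskkill_targets(SAMPLE_EVENTS))
```

The header check deliberately requires the 'PE\0\0' signature at e_lfanew rather than just the two 'MZ' bytes, so a text file that happens to start with "MZ" is not flagged; on a live host the same functions would be fed the first 4 KiB of each file under the dropped paths and the process events from Sysmon Event ID 1 or Security 4688.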