Technical Information
- [<HKLM>\System\CurrentControlSet\Services\4] 'ImagePath' = '%WINDIR%\4.sys'
- [<HKLM>\System\CurrentControlSet\Services\hyf55] 'ImagePath' = '%TEMP%\4HXV4Ls.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\KingDriver] 'ImagePath' = '%HOMEPATH%\Documents\KingDriver.sys'
- %WINDIR%\mgzf.exe
- <Current directory>\±òæñøáòçúçð³\ïó¶õâèúùç¿.ink
- %WINDIR%\4.sys
- %TEMP%\4hxv4ls.sys
- %HOMEPATH%\documents\kingdriver.sys
- %WINDIR%\temp\udd4c6c.tmp
- %WINDIR%\temp\udd4c8d.tmp
- <Current directory>\±òæñøáòçúçð³\ïó¶õâèúùç¿.lnk
- %TEMP%\4hxv4ls.sys
- %WINDIR%\temp\udd4c6c.tmp
- %WINDIR%\temp\udd4c8d.tmp
- from <Current directory>\±òæñøáòçúçð³\ïó¶õâèúùç¿.ink to <Current directory>\±òæñøáòçúçð³\ïó¶õâèúùç¿.lnk
- from <Full path to file> to %TEMP%\1066890\....\temporaryfile
- http://39.##4.124.136/mgzf.exe