Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /im cmd.exe
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\syswow64\taskkill.exe
- <Current directory>\panda.sys
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012021030820210309\index.dat
- 'google.com':80
- 'google.com':443
- 'microsoft.com':80
- http://google.com/
- http://www.google.com/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK google.com
- DNS ASK microsoft.com
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /k start ndadmin (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k echo 峎䒣㜄쬊䗢峎 > panda.sys & taskkill /im cmd.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k start ndadmin
- '%WINDIR%\syswow64\ndadmin.exe'
- '%WINDIR%\syswow64\cmd.exe' /k echo 峎䒣㜄쬊䗢峎 > panda.sys & taskkill /im cmd.exe