## File Hashes

Note: the values below are not all the same length — the first is 40 hex digits (SHA-1), the remaining six are 64 hex digits (SHA-256). When loading this list into detection tooling, match each value against its own algorithm rather than assuming a single hash type for the whole list.

- a3060a3efb9ac3da444ef8abc99143293076fe32
- 29489f1a0c1d3920d783c047641fc46d759935dacf09debb3769c3a843b90ee2
- 4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244
- 68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7
- 25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc
- a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855
- a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15
## Registry Keys

- HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp
- HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Parameters
- HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Security
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig
- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update
## File Paths

- C:\Windows\System32\Nwsapagent.sys
- C:\Windows\System32\helpsvc.sys
- C:\ProgramData\USOShared\uso.bin
- C:\ProgramData\VMware\vmnat-update.bin
- C:\ProgramData\VirtualBox\update.bin
## Domains (defanged)

- angeldonationblog[.]com
- codevexillium[.]org
- investbooking[.]de
- krakenfolio[.]com
- opsonew3org[.]sg
- transferwiser[.]io
- transplugin[.]io
- trophylab[.]com
- www.colasprint[.]com
- www.dronerc[.]it
- www.edujikim[.]com
- www.fabioluciani[.]com
## URLs (defanged)

- https[:]//angeldonationblog[.]com/image/upload/upload.php
- https[:]//codevexillium[.]org/image/download/download.asp
- https[:]//investbooking[.]de/upload/upload.asp
- https[:]//transplugin[.]io/upload/upload.asp
- https[:]//www.dronerc[.]it/forum/uploads/index.php
- https[:]//www.dronerc[.]it/shop_testbr/Core/upload.php
- https[:]//www.dronerc[.]it/shop_testbr/upload/upload.php
- https[:]//www.edujikim[.]com/intro/blue/insert.asp
- https[:]//www.fabioluciani[.]com/es/include/include.asp
- http[:]//trophylab[.]com/notice/images/renewal/upload.asp
- http[:]//www.colasprint[.]com/_vti_log/upload.asp