Техническая информация
- [<HKLM>\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] 'vulan' = '%WINDIR%\vlauto.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysDrvHandler' = '%APPDATA%\drvhandler.exe'
- %TEMP%\microsoft.exe
- %LOCALAPPDATA%\isolatedstorage\xckf4nir.3ij\i043mi5a.kui\url.kxgljdjate055ag2dv0qejawyzehxnz1\identity.dat
- %LOCALAPPDATA%\isolatedstorage\xckf4nir.3ij\i043mi5a.kui\url.kxgljdjate055ag2dv0qejawyzehxnz1\info.dat
- %LOCALAPPDATA%\isolatedstorage\xckf4nir.3ij\i043mi5a.kui\url.kxgljdjate055ag2dv0qejawyzehxnz1\assemfiles\e3a9fa6d\usages.bin
- %TEMP%\vulanpro.exe
- %TEMP%\vlauto.exe
- %WINDIR%\vlauto.exe
- %PROGRAMDATA%\microsoft\windows\start menu\programs\startup\drvhandler.exe
- %APPDATA%\drvhandler.exe
- http://vo##m2.club/Microsoft.exe
- http://id###gtranh.top/newbot/proxy
- http://id###gtranh.top/newbot/blog
- http://id###gtranh.top/newbot/target
- http://id###gtranh.top/newbot/botlogger.php
- DNS ASK vo##m2.club
- DNS ASK id###gtranh.top
- '%TEMP%\microsoft.exe'
- '%TEMP%\vulanpro.exe'
- '%TEMP%\vlauto.exe'