Research blog
https://blog.br0vvnn[.]io
https://www.virustotal.com/gui/file/68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7/detection (VS Project DLL)
https://www.virustotal.com/gui/file/25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc/detection (VS Project dropped DLL)
https://www.virustotal.com/gui/file/a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855/detection (VS Project dropped DLL)
https://www.virustotal.com/gui/file/a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15/detection (Service DLL)
Registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL更新
File paths:
C:\Windows\System32\Nwsapagent.sys
C:\Windows\System32\helpsvc.sys
C:\ProgramData\USOShared\uso.bin
C:\ProgramData\VMware\vmnat-update.bin
C:\ProgramData\VirtualBox\update.bin