Technical Information
Modifies file system
Creates the following files
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- <Current directory>\auto\datafile\auto\maps\594.map
- <Current directory>\auto\datafile\auto\maps\595.map
- <Current directory>\auto\datafile\auto\maps\597.map
- <Current directory>\auto\datafile\auto\maps\606.map
- <Current directory>\auto\datafile\auto\maps\78.map
- <Current directory>\auto\datafile\auto\maps\80.map
- <Current directory>\auto\datafile\auto\maps\900.map
- <Current directory>\auto\datafile\auto\maps\904.map
- <Current directory>\auto\datafile\auto\maps\99.map
- <Current directory>\auto\datafile\auto\maps\phongkytren.map
- <Current directory>\auto\datafile\auto\maps\maplist.ini
- <Current directory>\auto\datafile\auto\scripts\chuyenvatpham.lua
- <Current directory>\auto\datafile\auto\scripts\datau_dunglongden.lua
- <Current directory>\auto\datafile\auto\maps\591.map
- <Current directory>\auto\datafile\auto\maps\593.map
- <Current directory>\auto\datafile\auto\scripts\gomvatpham.lua
- <Current directory>\auto\datafile\auto\scripts\lib\vulanlib.lua
- <Current directory>\auto\datafile\auto\vn.fon
- <Current directory>\auto\datafile\auto\userdata\quankun.cfg
- <Current directory>\auto\datafile\auto\userdata\dhdfhdfh.cfg
- <Current directory>\auto\datafile\auto\userdata\namnhactran2.cfg
- <Current directory>\auto\datafile\auto\userdata\jxvinhvien.cfg
- <Current directory>\auto\datafile\auto\maps\342.map
- <Current directory>\auto\datafile\auto\scripts\haiquahuyhoang.lua
- <Current directory>\auto\datafile\auto\scripts\ruttiendong_tientrang.lua
- <Current directory>\auto\datafile\auto\scripts\raovat.lua
- <Current directory>\auto\datafile\auto\scripts\muatdp_daohoanguyen.lua
- <Current directory>\auto\datafile\auto\scripts\laymocnhan.lua
- <Current directory>\auto\datafile\auto\scripts\layloclenhbai.lua
- <Current directory>\auto\datafile\auto\scripts\laylochongbao.lua
- <Current directory>\auto\datafile\auto\scripts\layhongbao.lua
- <Current directory>\auto\datafile\auto\maps\590.map
- <Current directory>\auto\datafile\auto\maps\589.map
- <Current directory>\auto\datafile\auto\maps\587.map
- %HOMEPATH%\desktop\phong hoa lien thanh.lnk
- <Current directory>\update.xml
- <Current directory>\auto\autotrainjx.exe
- <Current directory>\auto\vn.fon
- <Current directory>\auto\datafile\auto\autovlbs.exe
- <Current directory>\auto\datafile\auto\config.ini
- <Current directory>\auto\datafile\auto\maps\1.map
- <Current directory>\auto\datafile\auto\maps\100.map
- <Current directory>\auto\datafile\auto\maps\101.map
- <Current directory>\auto\datafile\auto\maps\11.map
- <Current directory>\auto\datafile\auto\maps\121.map
- <Current directory>\auto\datafile\auto\maps\153.map
- <Current directory>\auto\datafile\auto\maps\162.map
- <Current directory>\auto\datafile\auto\maps\174.map
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- <Current directory>\auto\datafile\auto\maps\175.map
- <Current directory>\auto\datafile\auto\maps\586.map
- <Current directory>\auto\datafile\auto\maps\176.map
- <Current directory>\auto\datafile\auto\maps\20.map
- <Current directory>\auto\datafile\auto\maps\224.map
- <Current directory>\auto\datafile\auto\maps\225.map
- <Current directory>\auto\datafile\auto\maps\226.map
- <Current directory>\auto\datafile\auto\maps\227.map
- <Current directory>\auto\datafile\auto\scripts\haiquahoangkim.lua
- <Current directory>\auto\datafile\auto\maps\325.map
- <Current directory>\auto\datafile\auto\core.dll
- <Current directory>\auto\datafile\auto\maps\380.map
- <Current directory>\auto\datafile\auto\maps\383.map
- <Current directory>\auto\datafile\auto\maps\386.map
- <Current directory>\auto\datafile\auto\maps\53.map
- <Current directory>\auto\datafile\auto\maps\54.map
- <Current directory>\auto\datafile\auto\maps\37.map
- <Current directory>\auto\datafile\autotrain.exe
Network activity
TCP
HTTP GET requests
- http://up####.##onghoalienthanhjx.com/launcher/
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/99.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/904.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/900.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/80.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/78.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/606.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/597.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/595.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/594.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/593.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/591.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/590.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/589.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/587.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/586.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/54.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/53.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/383.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/386.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/PhongKyTren.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/maplist.ini
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Vn.fon
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/UserData/quankun.cfg
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/UserData/dhdfhdfh.cfg
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/UserData/NamNhacTran2.cfg
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/UserData/JXVINHVIEN.cfg
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/haiquahuyhoang.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/haiquahoangkim.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/RutTienDong_Tientrang.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/MuaTDP_DaoHoaNguyen.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/162.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/LayMocNhan.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/LayLocLenhBai.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/LayLocHongBao.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/LayHongBao.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/LIB/VulanLib.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/GomVatPham.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/Datau_DungLongDen.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/ChuyenVatPham.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/380.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/37.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/342.map
- http://www.go#####analytics.com/ga.js
- http://up####.##onghoalienthanhjx.com/launcher/images/dkn.gif
- http://up####.##onghoalienthanhjx.com/launcher/images/button.jpg
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/AutoTrainJX.exe
- http://up####.##onghoalienthanhjx.com/launcher/images/line-news.gif
- http://up####.##onghoalienthanhjx.com/launcher/images/bg-wrapper.jpg
- http://up####.##onghoalienthanhjx.com/launcher/js/commone942.js?cl############
- http://up####.##onghoalienthanhjx.com/launcher/js/fadegallery.js
- http://up####.##onghoalienthanhjx.com/launcher/css/style.css
- http://up####.##onghoalienthanhjx.com/launcher/css/box-event.css
- http://up####.##onghoalienthanhjx.com/hostfile/update.php
- http://up####.##onghoalienthanhjx.com/launcher/css/mainsite.css
- http://up####.##onghoalienthanhjx.com/launcher/js/mainsite.js
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://at####.s2lol.com/action5.php
- http://s2##l.com/update/volam_phonghoalienthanhjx/checkupdate.php
- http://st####.adtimaserver.vn/resource/js/zads-base-mod.js
- http://st####.adtimaserver.vn/resource/js/zads.js?q=###################
- http://www.go#####analytics.com/r/__utm.gif?ut###################################################################################################################################################...
- http://ad#####static.zadn.vn/resource/js/zad/adr.191030.1054.js
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/325.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/Vn.fon
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/227.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/226.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/225.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/224.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/20.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/176.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/175.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Scripts/RaoVat.lua
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/core.dll
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/153.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/121.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/11.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/101.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/100.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/1.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/Config.ini
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/AutoVLBS.exe
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/Auto/MAPS/174.map
- http://up####.##onghoalienthanhjx.com/hostfile/taptin/Auto/datafile/AutoTrain.exe
UDP
- DNS ASK s2##l.com
- DNS ASK up####.##onghoalienthanhjx.com
- DNS ASK at####.s2lol.com
- DNS ASK go#####analytics.com
- DNS ASK st####.adtimaserver.vn
- DNS ASK ad#####static.zadn.vn
Miscellaneous
Searches for the following windows
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
Executes the following
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
