Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4c7795c4166ff905898d38140713b018' = '"%TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4c7795c4166ff905898d38140713b018' = '"%TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\4c7795c4166ff905898d38140713b018.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe' = '%TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe:*:Enabled:لاستعادة كلمة المرور من الاجهزة القديمه.exe'
- %TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe" "لاستعادة كلمة المرور من الاجهزة القديمه.exe" ENABLE
- %TEMP%\لاستعادة كلمة المرور من الاجهزة القديمه.exe
- 'm1.##-ip.biz':81
- DNS ASK M1.##-IP.BIZ
- ClassName: 'Indicator' WindowName: ''