Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '47812f1f34cc6ef9bc59bee7782b8c8a' = '"%TEMP%\khawlita.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '47812f1f34cc6ef9bc59bee7782b8c8a' = '"%TEMP%\khawlita.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\47812f1f34cc6ef9bc59bee7782b8c8a.exe
- '%TEMP%\khawlita.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\khawlita.exe" "khawlita.exe" ENABLE
- <SYSTEM32>\drwtsn32.exe
- %TEMP%\khawlita.exe
- 'al#####ussef.zapto.org':82
- DNS ASK al#####ussef.zapto.org
- ClassName: 'Indicator' WindowName: '(null)'