Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'b7375fe89d90c6eee34524d540ec3d2c' = '"%TEMP%\Yeni Ruhsat Geçermisiniz.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'b7375fe89d90c6eee34524d540ec3d2c' = '"%TEMP%\Yeni Ruhsat Geçermisiniz.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\b7375fe89d90c6eee34524d540ec3d2c.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Yeni Ruhsat Geçermisiniz.exe" "Yeni Ruhsat Geçermisiniz.exe" ENABLE
- %TEMP%\qtbasioyrun.exe
- %TEMP%\soevlzjqsisv.pdf
- %TEMP%\poatinvzqf.exe
- %TEMP%\ocqr.exe
- %TEMP%\yeni ruhsat geçermisiniz.exe
- 'ke#####i.duckdns.org':1604
- DNS ASK ke#####i.duckdns.org
- '%TEMP%\qtbasioyrun.exe'
- '%TEMP%\poatinvzqf.exe'
- '%TEMP%\ocqr.exe'
- '%TEMP%\yeni ruhsat geçermisiniz.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Yeni Ruhsat Geçermisiniz.exe" "Yeni Ruhsat Geçermisiniz.exe" ENABLE' (со скрытым окном)
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%TEMP%\Soevlzjqsisv.pdf"