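Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют (вероятно, потеряны при извлечении текста). По виду записей: первые два пункта — параметры реестра в ключах автозапуска (Active Setup, Run), далее идут пути к файлам и командные строки, затем сетевые адреса (узел:порт) и DNS-запрос, в конце — классы окон.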
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{U828S44I-SNLA-5XRY-7FLX-0D513OKKCY2M}] 'StubPath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cftmon.exe' = ''
- <SYSTEM32>\817KILL.EXE
- %WINDIR%\regedit.exe /s STARTTUPTEMIZLE.REG
- <SYSTEM32>\shutdown.exe -r -c "BILGISAYARINIZ CIDDI BIR HATADAN KURTARILDI. BILGISAYARINIZ YENIDEN BASLATILIYOR. LUTFEN BEKLEYINIZ..."
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\f2.BAT" "
- %TEMP%\1.tmp\f2.BAT
- %TEMP%\1.tmp\STARTTUPTEMIZLE.REG
- <SYSTEM32>\817KILL.EXE
- <SYSTEM32>\cftmon.exe
- <SYSTEM32>\817KILL.EXE.exe
- %TEMP%\1.tmp\f2.BAT
- 'te####.dnsfor.me':81 (символы #### — по-видимому, часть имени узла, скрытая в источнике; это не буквальное имя домена)
- 'localhost':81
- 'localhost':1035
- DNS ASK te####.dnsfor.me
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''