Technical Information
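- Autorun registry value (processed at user logon): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'rundll.exe' = '"rundll.exe "'. This value is written by the REG ADD commands at the end of this list. The name resembles the legitimate Windows rundll32.exe and presumably refers to the rundll.exe listed under %LOCALAPPDATA% below. The Policies\Explorer\Run key is separate from the more familiar CurrentVersion\Run key, so persistence checks should cover both.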
- %TEMP%\kurulum.exe
- <Current directory>\syscheck.bat
- %LOCALAPPDATA%\ccleaner.exe
- %LOCALAPPDATA%\ntdata.dll
- %LOCALAPPDATA%\ntldr.dll
- %LOCALAPPDATA%\rundll.exe
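- Network connection: 'tm#####di7.no-ip.biz':1234 (a no-ip.biz dynamic-DNS host name, partly masked in the report; the transport protocol is not stated)
- DNS query (DNS ASK): tm#####di7.no-ip.biz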
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\kurulum.exe'
- '%LOCALAPPDATA%\ccleaner.exe'
- '%LOCALAPPDATA%\rundll.exe'
- '%WINDIR%\syswow64\cmd.exe' /c syscheck.bat (with hidden window)
- '%LOCALAPPDATA%\ccleaner.exe' (with hidden window)
- '%LOCALAPPDATA%\rundll.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c syscheck.bat
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V rundll.exe /D "\"rundll.exe \"" /f
- '%WINDIR%\syswow64\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V rundll.exe /D "\"rundll.exe \"" /f