Technical Information
- <SYSTEM32>\tasks\bss agent
- <Current directory>\konsol.exe
- <Current directory>\tmp
- 'ba###pso.com':80
- http://ba###pso.com/download/Konsol.exe
- http://ba###pso.com/download/v.php?v=####
- http://ba###pso.com/download/v.php?k=###
- DNS ASK ba###pso.com
- '<Current directory>\konsol.exe' -v
- '<SYSTEM32>\schtasks.exe' /delete /TN "BSS Agent" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 0" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 1" /F
- '<SYSTEM32>\schtasks.exe' /create /tn "BSS Agent" /tr "<Current directory>\Backupso.exe" /sc onlogon /RL HIGHEST
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 2" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 3" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 4" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 5" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 6" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 7" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 8" /F
- '<SYSTEM32>\schtasks.exe' /delete /TN "Bulut Yedekleme 9" /F