Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BluetoothAuthorizationAgent' = '<SYSTEM32>\BluetoothAuthorizationAgent.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\af856ace-7b5d-431d-9f9a-1f1e10e60182[1].gif
- %TEMP%\.tt2.tmp
- %TEMP%\.tt1.tmp
- <SYSTEM32>\pojidgj.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\windowsupdate.microsoft[1]
- %TEMP%\.tt2.tmp
- %TEMP%\.tt1.tmp
- from <Full path to virus> to <SYSTEM32>\BluetoothAuthorizationAgent.exe
- 'pr####y-defence.com':80
- '20#.#6.232.182':80
- pr####y-defence.com/notifier/103/af856ace-7b5d-431d-9f9a-1f1e10e60182.gif
- 20#.#6.232.182/
- DNS ASK pr####y-defence.com
- DNS ASK windowsupdate.microsoft.com
- ClassName: 'SysListView32' WindowName: ''