Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BluetoothAuthorizationAgent' = '<SYSTEM32>\BluetoothAuthorizationAgent.exe'
- %TEMP%\.tt3.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\edfd85e4-8699-4a1f-ab55-c89abe97e6da[1].md5
- %TEMP%\.tt4.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\edfd85e4-8699-4a1f-ab55-c89abe97e6da[1].fail
- %TEMP%\.tt2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\windowsupdate.microsoft[1]
- <SYSTEM32>\mpsjahob.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\edfd85e4-8699-4a1f-ab55-c89abe97e6da[1].exe
- %TEMP%\.tt1.tmp
- %TEMP%\.tt3.tmp
- %TEMP%\.tt2.tmp
- %TEMP%\.tt1.tmp
- from <Full path to virus> to <SYSTEM32>\BluetoothAuthorizationAgent.exe
- '20#.#61.200.42':80
- '20#.#6.232.182':80
- 20#.#61.200.42/notifier/10038/edfd85e4-8699-4a1f-ab55-c89abe97e6da.md5
- 20#.#61.200.42/notifier/10038/edfd85e4-8699-4a1f-ab55-c89abe97e6da.fail
- 20#.#6.232.182/
- 20#.#61.200.42/notifier/10038/edfd85e4-8699-4a1f-ab55-c89abe97e6da.exe
- DNS ASK windowsupdate.microsoft.com
- ClassName: 'SysListView32' WindowName: ''