Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Name0' = '<Full path to file>'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Name1' = '<Full path to file>'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Name2' = '<Full path to file>'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Name3' = '<Full path to file>'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Name0' = '%APPDATA%\BTTST4.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Name1' = '%APPDATA%\BTTST4.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Name2' = '%APPDATA%\BTTST4.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Name3' = '%APPDATA%\BTTST4.exe'
- %APPDATA%\bttst1.exe
- %APPDATA%\bttst2.exe
- %APPDATA%\bttst3.exe
- %APPDATA%\bttst4.exe
- 'ki#####str.comuv.com':80
- http://ki#####str.comuv.com/BTHeaderMgr.txt
- http://ki#####str.comuv.com/AP/info.php?In#######################################################################################################################################################...
- DNS query: ki#####str.comuv.com
- '%APPDATA%\bttst4.exe'
- '%APPDATA%\bttst4.exe' (with hidden window)