Техническая информация
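- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%APPDATA%\traynotify.exe"' (закрепление в системе: параметр Shell дополнен, поэтому traynotify.exe запускается вместе с explorer.exe при входе пользователя)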
- '<SYSTEM32>\cscript.exe' "%TEMP%\5.tmp.vbs"
- '<SYSTEM32>\cscript.exe' "%TEMP%\6.tmp.vbs"
- '<SYSTEM32>\cscript.exe' "%TEMP%\3.tmp.vbs"
- '<SYSTEM32>\cscript.exe' "%TEMP%\4.tmp.vbs"
- [<HKCU>\Software\Microsoft\Internet Account Manager]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Explorer\IntelliForms\Storage2] (в этой ветке Internet Explorer хранит сохранённые данные автозаполнения, включая пароли)
- %APPDATA%\traynotify.exe
- %TEMP%\5.tmp.vbs
- %TEMP%\6.tmp.vbs
- %TEMP%\<Имя вируса>.rar
- %TEMP%\3.tmp.vbs
- %TEMP%\4.tmp.vbs
- %APPDATA%\traynotify.exe
- %TEMP%\5.tmp.vbs
- %TEMP%\4.tmp.vbs
- %TEMP%\3.tmp.vbs
- 'po####.interia.pl':465 (порт 465 обычно используется для SMTP поверх TLS)
- DNS ASK po####.interia.pl