Техническая информация
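- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%APPDATA%\SearchIndexer.exe"' (значение Shell в Winlogon дополнено вторым файлом: он запускается вместе с explorer.exe при входе пользователя в систему)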
- '%APPDATA%\SearchIndexer.exe'
- '<SYSTEM32>\cscript.exe' "%TEMP%\5.tmp.vbs"
- '<SYSTEM32>\cscript.exe' "%TEMP%\6.tmp.vbs"
- '<SYSTEM32>\cscript.exe' "%TEMP%\1.tmp.vbs"
- '<SYSTEM32>\cscript.exe' "%TEMP%\2.tmp.vbs"
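- [<HKCU>\Software\Microsoft\Internet Account Manager]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts] (в этой ветке хранятся параметры почтовых учётных записей Windows)
- [<HKCU>\Software\Microsoft\Internet Explorer\IntelliForms\Storage2] (здесь Internet Explorer хранит сохранённые данные автозаполнения, включая пароли)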
- %APPDATA%\SS_2015-10-18 11;08;28
- %TEMP%\2.tmp.vbs
- %TEMP%\6.tmp.vbs
- %TEMP%\5.tmp.vbs
- %APPDATA%\SearchIndexer.exe
- %TEMP%\<Имя вируса>.pdf
- %APPDATA%\LF_2015-10-18 11;08;28
- %TEMP%\1.tmp.vbs
- %APPDATA%\LF_2015-10-18 11;08;28
- %APPDATA%\SS_2015-10-18 11;08;28
- %APPDATA%\SearchIndexer.exe
- %TEMP%\5.tmp.vbs
- %TEMP%\1.tmp.vbs
- 'po###a.o2.pl':587 (порт 587 — стандартный порт отправки почты по SMTP; имя узла на странице частично скрыто)
- DNS ASK po###a.o2.pl