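Техническая информация
(Подзаголовки разделов в этой копии не сохранились; повторяющиеся ниже пути, вероятно, относятся к разным действиям над одними и теми же файлами.)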
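- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*CryptoLocker' = '"<LS_APPDATA>\Fpivibovqxopnnv.exe"' (звёздочка в начале имени параметра RunOnce означает, что запись выполняется и при загрузке Windows в безопасном режиме)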
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CryptoLocker' = '"<LS_APPDATA>\Fpivibovqxopnnv.exe"'
- '<LS_APPDATA>\Fpivibovqxopnnv.exe' -wac
- '<LS_APPDATA>\Fpivibovqxopnnv.exe' "-r<Полный путь к вирусу>"
- %TEMP%\OPV6A18.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\home[1].htm
- %TEMP%\VTZDDA1.tmp
- %TEMP%\LLKED75.tmp
- <LS_APPDATA>\Fpivibovqxopnnv.exe
- <LS_APPDATA>\Fpivibovqxopnnv.exe
- %TEMP%\OPV6A18.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\home[1].htm
- %TEMP%\LLKED75.tmp
- %TEMP%\VTZDDA1.tmp
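Символы # в именах узлов ниже, по-видимому, скрывают часть имени, поэтому для точного сопоставления (блок-листы, поиск по журналам DNS) эти записи в таком виде непригодны. Признаком для обнаружения служит сама серия запросов к случайным на вид именам в разных доменных зонах.
- 'xx####ntkpvei.net':80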
- DNS ASK rf####shwckm.co.uk
- DNS ASK eu####wsgobs.org
- DNS ASK ie###cppakrq.ru
- DNS ASK ik####wujwav.net
- DNS ASK ta####rrnvdn.com
- DNS ASK gp####vdwitt.info
- DNS ASK hi####fdiaaw.biz
- DNS ASK ds####fbfrbt.co.uk
- DNS ASK dw####qpivga.org
- DNS ASK xx####ntkpvei.net
- DNS ASK hm####qrlefd.net
- DNS ASK gq####gfttnj.com
- DNS ASK eo####pnwcsn.info
- ClassName: 'Indicator' WindowName: '(null)'