Техническая информация
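Записи автозапуска в реестре (префикс «*» в имени параметра RunOnce означает, что запись выполняется и в безопасном режиме Windows):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*CryptoLocker' = '"<LS_APPDATA>\Fpivibovqxopnnv.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CryptoLocker' = '"<LS_APPDATA>\Fpivibovqxopnnv.exe"'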
Команды запуска:
- '<LS_APPDATA>\Fpivibovqxopnnv.exe' -wb0
- '<LS_APPDATA>\Fpivibovqxopnnv.exe' "-r<Полный путь к вирусу>"
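Затрагиваемые файлы (подзаголовки по видам операций в этом тексте не сохранились, поэтому часть путей повторяется):
- %TEMP%\TRS711F.tmp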
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\home[1].htm
- %TEMP%\WXB7559.tmp
- %TEMP%\DBXF16A.tmp
- <LS_APPDATA>\Fpivibovqxopnnv.exe
- <LS_APPDATA>\Fpivibovqxopnnv.exe
- %TEMP%\TRS711F.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\home[1].htm
- %TEMP%\DBXF16A.tmp
- %TEMP%\WXB7559.tmp
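Сетевая активность (символ «#» недопустим в доменном имени — часть символов здесь замаскирована, поэтому эти строки не подходят для точного сопоставления):
- 'qd####jvwlalmc.biz':80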
- 'cu####tvdsmwvh.net':80
- 'qa####fetwwwsk.org':80
- 'ep####yumbhtvf.ru':80
- 'oi####ewndfovq.com':80
- 'ad####lyowlyvy.org':80
- 'py####ncbecmg.net':80
- 'cx####qxxfgvdx.info':80
- 'ol#####yipyntc.co.uk':80
- DNS ASK qd####jvwlalmc.biz
- DNS ASK cu####tvdsmwvh.net
- DNS ASK qa####fetwwwsk.org
- DNS ASK ep####yumbhtvf.ru
- DNS ASK oi####ewndfovq.com
- DNS ASK ad####lyowlyvy.org
- DNS ASK py####ncbecmg.net
- DNS ASK cx####qxxfgvdx.info
- DNS ASK ol#####yipyntc.co.uk
Параметры окна (вид операции в этом тексте не указан):
- ClassName: 'Indicator' WindowName: '(null)'