Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*CryptoLocker' = '"<LS_APPDATA>\Fpivibovqxopnnv.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CryptoLocker' = '"<LS_APPDATA>\Fpivibovqxopnnv.exe"'
- '<LS_APPDATA>\Fpivibovqxopnnv.exe' -wac
- '<LS_APPDATA>\Fpivibovqxopnnv.exe' "-r<Полный путь к вирусу>"
- %TEMP%\PPD63B1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\home[1].htm
- %TEMP%\YVN9F77.tmp
- %TEMP%\SQQD782.tmp
- <LS_APPDATA>\Fpivibovqxopnnv.exe
- <LS_APPDATA>\Fpivibovqxopnnv.exe
- %TEMP%\PPD63B1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\home[1].htm
- %TEMP%\SQQD782.tmp
- %TEMP%\YVN9F77.tmp
- 'ub####sqfpfnpnl.org':80
- DNS ASK gj####mheskdok.ru
- DNS ASK ub####sqfpfnpnl.org
- ClassName: 'Indicator' WindowName: '(null)'