Техническая информация
- Заменяет файл <SYSTEM32>\dllcache\midimap.dll файлом <SYSTEM32>\dllcache\midimap.dll
- Заменяет файл <SYSTEM32>\midimap.dll файлом <SYSTEM32>\midimap.dll
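- '<SYSTEM32>\sc.exe' delete cryptsvc (удаление службы cryptsvc — Cryptographic Services)
- '<SYSTEM32>\net1.exe' stop cryptsvc (остановка службы cryptsvc)
- '<SYSTEM32>\net.exe' stop cryptsvc (остановка службы cryptsvc)
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled (отключение запуска службы cryptsvc)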
- %WINDIR%\Explorer.EXE
- %TEMP%\5JZdQqCf8Uh02H4.dll
- %TEMP%\Z46ZTfyP3ZiJffI.dll
- %TEMP%\ROISHS8hdLgSJ9h.dll
- %TEMP%\lxJ4y6jFOWgAcip.dll
- %TEMP%\te7w4IajtXj9C8P.dll
- %TEMP%\x7QbgQT1GldNRot.dll
- %TEMP%\L04dj89lOceh477.dll
- %TEMP%\DD9Wd3HHecjqbhe.dll
- %TEMP%\deO8DglaVace9Fl.dll
- %TEMP%\8pGsoiPNmNfembS.dll
- <SYSTEM32>\yumidimap.dll
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\CRNJEUFU2.dll
- <SYSTEM32>\CRNJEUFU.ime
- <SYSTEM32>\dllcache\ksuser.dll
- %TEMP%\JcUaJG3DtLdbjx7.dll
- %TEMP%\e4d4l1ddeWeJ9WF.dll
- %TEMP%\fiRO9sqLICc5tql.dll
- %TEMP%\03S0ccYf9NdmCPs.dll
- <SYSTEM32>\CRNJEUFU2.dll
- <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll
- из <Полный путь к вирусу> в C:\RECYCLER\185500.tmp
- ClassName: 'CicLoaderWndClass' WindowName: ''