Техническая информация
- заменяет файл <SYSTEM32>\dllcache\midimap.dll файлом <SYSTEM32>\dllcache\midimap.dll
- заменяет файл <SYSTEM32>\midimap.dll файлом <SYSTEM32>\midimap.dll
Командные строки, относящиеся к службе cryptsvc (удаление, остановка, отключение запуска):
- '<SYSTEM32>\sc.exe' delete cryptsvc
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
- %WINDIR%\Explorer.EXE
- wow.exe
- %TEMP%\ciREBiVV5XJtMa7.dll
- %TEMP%\wHapdS7pwUKbf8M.dll
- %TEMP%\pbmwfF97CUIk5im.dll
- %TEMP%\CNQea5oxKLI4p80.dll
- %TEMP%\GccPK5p9gaLPChT.dll
- %TEMP%\L6uxwDcQ3gNfRNx.dll
- %TEMP%\ff3XcxJktsOTkvC.dll
- %TEMP%\bCr1mpIhXdL8bGa.dll
- %TEMP%\2ltaTZ17IjMwuoq.dll
- <SYSTEM32>\yumidimap.dll
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\CRNJEUFU10.dll
- <SYSTEM32>\CRNJEUFU.ime
- <SYSTEM32>\dllcache\ksuser.dll
- %TEMP%\4SblcsxTbLGDFbP.dll
- %TEMP%\V3lM5benRWH3mAW.dll
- %TEMP%\jquqgJX5l4Rmu6g.dll
- %TEMP%\k8aBv8FvqOTVw94.dll
- <SYSTEM32>\CRNJEUFU10.dll
- <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll
- из <Полный путь к вирусу> в C:\RECYCLER\170781.tmp
- ClassName: 'CicLoaderWndClass' WindowName: ''