Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'sp3_bak.dll'
- '<SYSTEM32>\jjmClient.exe'
- '<SYSTEM32>\rundll32.exe' magicdel.dll,_MagicDel@16 <Полный путь к вирусу>
- <SYSTEM32>\jjmrun.exe
- <SYSTEM32>\EncryptOverLay.dll
- <SYSTEM32>\OnLineDecTray.exe
- <SYSTEM32>\rewindow.exe
- <SYSTEM32>\jjmClient.exe
- <SYSTEM32>\sp3_bak.log
- <SYSTEM32>\magicdel.dll
- <SYSTEM32>\XYNTService.ini
- <SYSTEM32>\CheckMac
- <SYSTEM32>\FileSecManagerUser.exe
- <SYSTEM32>\sp3_bak.dll
- <SYSTEM32>\sp3_bak.ini
- <SYSTEM32>\IVOSetup.log
- <SYSTEM32>\OAjmuiop.dll
- <SYSTEM32>\jjmntasksys.dll
- <SYSTEM32>\kz.{21ec2020-3aea-1069-a2dd-08002b30309d}\ctrl.dat
- <SYSTEM32>\unjjmclient.exe
- <SYSTEM32>\jjmwuServer.dll
- <SYSTEM32>\versioninfo.dll
- <SYSTEM32>\magicdel.dll
- <SYSTEM32>\magicdel.dll
- '10.#0.2.24':4089