Техническая информация
- Заменяет <SYSTEM32>\dllcache\midimap.dll файлом <SYSTEM32>\dllcache\midimap.dll
- Заменяет <SYSTEM32>\midimap.dll файлом <SYSTEM32>\midimap.dll
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\sc.exe' delete cryptsvc
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
- %WINDIR%\Explorer.EXE
- %TEMP%\ILFVXP3jFqp9Ckq.dll
- %TEMP%\f7sDb8iZNiqSw34.dll
- %TEMP%\ymEv6fYBUfoJfBi.dll
- %TEMP%\Er4kwI9Xtcnnp4M.dll
- %TEMP%\eRCKO2rrdhnbMcb.dll
- %TEMP%\43KZn0D4a0tWUHm.dll
- %TEMP%\UbL4UduULxuE2q8.dll
- %TEMP%\kb50KFjljosh5if.dll
- %TEMP%\6Y9oBsQt8frAFbI.dll
- %TEMP%\Q83Oeb8D0rr0eAQ.dll
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\dllcache\ksuser.dll
- <SYSTEM32>\yumidimap.dll
- <SYSTEM32>\CRNJEUFU8.dll
- <SYSTEM32>\CRNJEUFU.ime
- %TEMP%\Zx1fmu5aHTlG740.dll
- %TEMP%\tI29FeY09em5WbE.dll
- %TEMP%\65Mrj5IpNckvFsm.dll
- %TEMP%\S46gai0ylTjPdkP.dll
- %TEMP%\mc7G3SaVcQk7wJe.dll
- <SYSTEM32>\CRNJEUFU8.dll
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\midimap.dll
- <SYSTEM32>\dllcache\midimap.dll
- из <Полный путь к вирусу> в C:\RECYCLER\188859.tmp
- ClassName: 'CicLoaderWndClass' WindowName: ''