Техническая информация
- <SYSTEM32>\dllcache\midimap.dll заменяется файлом <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll заменяется файлом <SYSTEM32>\midimap.dll
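- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\sc.exe' delete cryptsvc
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
  (Команды net/net1 stop, sc config start= disabled и sc delete останавливают службу cryptsvc (Cryptographic Services), отключают её запуск и удаляют её из системы.)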
- %WINDIR%\Explorer.EXE
- %TEMP%\QbOHxJb3dOo15Jv.dll
- %TEMP%\kBPrd46MUapjcs3.dll
- %TEMP%\fh7KnvC59GnUTCY.dll
- %TEMP%\6G9uUftUsRnCmlo.dll
- %TEMP%\4kfS7gggFXqX2QH.dll
- %TEMP%\CWFYCtdOkYsObdr.dll
- %TEMP%\crUvtdFibdt79B0.dll
- %TEMP%\U5a3gQO76dqGY0P.dll
- %TEMP%\oebd946dqar5rYe.dll
- %TEMP%\IvaOk7WK0Om3jtL.dll
- <SYSTEM32>\yumidimap.dll
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\CRNJEUFU8.dll
- <SYSTEM32>\CRNJEUFU.ime
- <SYSTEM32>\dllcache\ksuser.dll
- %TEMP%\e2JDbjKSOFkdtmy.dll
- %TEMP%\yaYnITo19DlLCKD.dll
- %TEMP%\qaeu5GxIdCjUcud.dll
- %TEMP%\ESIc86d3d4koMDr.dll
- <SYSTEM32>\CRNJEUFU8.dll
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\midimap.dll
- <SYSTEM32>\dllcache\midimap.dll
- из <Полный путь к вирусу> в C:\RECYCLER\185953.tmp
- ClassName: 'CicLoaderWndClass' WindowName: ''