Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- <SYSTEM32>\dllcache\midimap.dll файлом <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll файлом <SYSTEM32>\midimap.dll
- '%TEMP%\IXP000.TMP\A5c4S9aS.exe'
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\sc.exe' delete cryptsvc
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
- %WINDIR%\Explorer.EXE
- %TEMP%\ckL89M734cdaG2P.dll
- %TEMP%\w6Nci7pTohdInaf.dll
- %TEMP%\CB6XfcVbCeclxTI.dll
- %TEMP%\V5X8vAGRXbaVgjp.dll
- %TEMP%\pQgbctjlIhbRDI5.dll
- %TEMP%\ORC5NwNVItSygZM.dll
- %TEMP%\i1Sg5a6p3qTg68T.dll
- %TEMP%\2ff9K7beAnSd3O9.dll
- %TEMP%\GfcCBkWnefe869m.dll
- %TEMP%\bEdnrT1KPqfpVb8.dll
- %TEMP%\4VWeTWe8geZgNAi.dll
- <SYSTEM32>\CRNJEUFU.ime
- <SYSTEM32>\yumidimap.dll
- <SYSTEM32>\CRNJEUFU8.dll
- %TEMP%\IXP000.TMP\A5c4S9aS.exe
- %TEMP%\IXP000.TMP\tlmf.exe
- %TEMP%\QbFTK9F95VYAX3L.dll
- %TEMP%\kwG4mmwZwSZyqcb.dll
- %TEMP%\4jbXGKZP4QXpnk8.dll
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\dllcache\ksuser.dll
- <SYSTEM32>\CRNJEUFU8.dll
- <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll
- %TEMP%\IXP000.TMP\A5c4S9aS.exe в C:\RECYCLER\171500.tmp
- ClassName: 'CicLoaderWndClass' WindowName: ''