
Trojan.Siggen9.32155

Added to the Dr.Web virus database: 2020-04-02

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\System\CurrentControlSet\Control\Print\Monitors\RICOH Language Monitor2] 'Driver' = 'rc4mon64.dll'
Modifies file system
Creates the following files
  • %TEMP%\7zs49064170\1_1_1582619684_1582641612.msi
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7289.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set72c8.tmp
  • <SYSTEM32>\spool\prtprocs\x64\1\set72f8.tmp
  • <SYSTEM32>\set7318.tmp
  • <SYSTEM32>\spool\prtprocs\x64\rc00c1b1.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d100.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d130.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d13a.rcd
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d1jp.chm
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7248.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7278.tmp
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d1jp.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc4mon64.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d140.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rcinst.ini
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d172.ini
  • <SYSTEM32>\spool\drivers\x64\3\new\sp631d64.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\ricdb64.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\mfricr64.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc4man64.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\trackid.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74c1xx.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74c124.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7209.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71f8.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71d8.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6ea5.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6ee5.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6f34.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6f54.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6f74.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6fb4.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7003.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7023.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7053.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7073.tmp
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\oem2.cat
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7084.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set70c4.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set70d5.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7114.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7135.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7155.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7166.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7176.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7196.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71a7.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71c7.tmp
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set70a4.tmp
  • <SYSTEM32>\spool\drivers\x64\3\new\ricjc64.dll
  • <SYSTEM32>\spool\drivers\x64\3\new\rc00c150.dll
  • %PROGRAMDATA%\ricoh\pdplog\printername.csv
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d1a0.dat
  • C:\_rpcs\rc74d191.rsq
  • C:\_rpcs\rc74d192.rsq
  • C:\_rpcs\rc74d193.rsq
  • C:\_rpcs\rc74d194.rsq
  • C:\_rpcs\rc74d195.rsq
  • C:\_rpcs\rc74d196.rsq
  • C:\_rpcs\rc74d197.rsq
  • C:\_rpcs\rc74d180.rsr
  • C:\_rpcs\rc74d183.rsr
  • C:\_rpcs\rc74d182.rsd
  • C:\_rpcs\rc74d190.rsq
  • C:\_rpcs\rc74d181.rsr
  • C:\_rpcs\rc74d190.rsr
  • C:\_rpcs\rc74d191.rsr
  • C:\_rpcs\rc74d192.rsr
  • C:\_rpcs\rc74d193.rsr
  • C:\_rpcs\rc74d194.rsr
  • C:\_rpcs\rc74d195.rsr
  • C:\_rpcs\rc74d196.rsr
  • C:\_rpcs\rc74d197.rsr
  • <SYSTEM32>\ricdb.ini
  • C:\_rpcs\rc74d184.rsr
  • C:\_rpcs\rc74d182.rsr
  • C:\_rpcs\rc74d184.rsd
  • C:\_rpcs\rc74d181.rsd
  • C:\_rpcs\rc74d183.rsd
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d171.rsb
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d18z.rsd
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d19z.rsq
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d13a.rcs
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d13a.bcs
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d13b.rcd
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d13b.rcs
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74d13b.bcs
  • %TEMP%\dmib553.tmp.log.xml
  • %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\noncritical_x64_aa436dfba5391a89ce6aa10dfff75b811684387_cab_0a41ba25\dmib553.tmp.log.xml
  • <SYSTEM32>\spool\drivers\x64\3\new\rc74c170.dat
  • %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\noncritical_x64_aa436dfba5391a89ce6aa10dfff75b811684387_cab_0a41ba25\oem2.inf
  • %TEMP%\dmic225.tmp.log.xml
  • %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\noncritical_x64_e5db33e6c4728e0eae611166eecf52394ac7936_cab_0a41c2c0\dmic225.tmp.log.xml
  • %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\noncritical_x64_e5db33e6c4728e0eae611166eecf52394ac7936_cab_0a41c2c0\oem2.inf
  • %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\noncritical_x64_e5db33e6c4728e0eae611166eecf52394ac7936_cab_0a41c2c0\report.wer
  • <SYSTEM32>\rpcs.ini
  • %PROGRAMDATA%\ricoh\rpcs.ini
  • C:\_rpcs\rc00c170.ini
  • C:\_rpcs\rc74d170.ini
  • <SYSTEM32>\spool\drivers\x64\3\rc74d172.ini
  • C:\_rpcs\rc74d180.rsd
  • %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\noncritical_x64_aa436dfba5391a89ce6aa10dfff75b811684387_cab_0a41ba25\report.wer
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setefef.tmp
  • <SYSTEM32>\spool\drivers\x64\3\new\jcui64.exe
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\seteeb6.tmp
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74c170.dat
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d140.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d164.cat
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d164.dsc
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc00c150.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d164.inf
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d171.rsb
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d172.ini
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d18z.rsd
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d19z.rsq
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d13b.rcd
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d13b.rcs
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d1a0.dat
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rcinst.ini
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\readme.htm
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc00c1b1.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\ricdb64.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\ricjc64.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\sp631d64.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\trackid.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc4man64.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc4mon64.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d1jp.chm
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d1jp.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d13b.bcs
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d13a.rcs
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d13a.rcd
  • %TEMP%\7zs49064170\1_1_1582619684.ini
  • %TEMP%\7zs49064170\1_1_1582619684.7zcnf
  • %TEMP%\7zs49064170\rp_tools_lng.irc
  • %TEMP%\7zs49064170\rqno3zt1.rsb
  • %TEMP%\7zs49064170\pinst.exe
  • %TEMP%\7zs49064170\riusrswitcher.exe
  • %TEMP%\7zs49064170\libeay32.dll
  • %PROGRAMDATA%\ricoh\pdplog\operation.log
  • %PROGRAMDATA%\ricoh\pdplog\dkgbjceppyx_04022020_151906.riusrswitcher.log
  • %PROGRAMDATA%\ricoh\pdplog\dkgbjceppyx_04022020_151908_pinst_silent.log
  • %TEMP%\7zs49064170\pinst.bat
  • %PROGRAMDATA%\ricoh\rp_tools_lng.irc
  • C:\_rputil_silent.dat
  • %PROGRAMDATA%\ricoh\msilog\dkgbjceppyx_04022020_151908_msi_silent.log
  • %PROGRAMDATA%\ricoh\pdplog\dkgbjceppyx_04022020_151910.rpicheck.log
  • %PROGRAMDATA%\ricoh\rpicheck.ini
  • %ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\rputil.exe
  • %ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\difxapi.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\jcui64.exe
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\mfricr64.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d130.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d13a.bcs
  • %PROGRAMDATA%\ricoh\pdpini\1_1_1582619684.ini
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74c124.dll
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74c1xx.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setec24.tmp
  • %ProgramFiles(x86)%\ricoh\printer\1582619682_08-12-2016\disk1\rc74d100.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd068.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd1c1.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd31a.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd492.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd5bc.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd715.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd83e.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd939.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setdab1.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcd69.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcf1f.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setdc49.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete053.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete1ac.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete2f5.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete43e.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete587.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete6ef.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete819.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete943.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setea9c.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setddc1.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setdedb.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcc2f.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcb15.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setc97e.tmp
  • %ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\crefrcxport.exe
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zt0.rsd
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu3.rsq
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu4.rsq
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu5.rsq
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu6.rsq
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu7.rsq
  • <SYSTEM32>\spool\drivers\x64\3\片面_ヘッダ_mono.lst
  • <SYSTEM32>\spool\drivers\x64\3\片面_ヘッダ_mono.rst
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zt1.rsb
  • %ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\irc\rp_tools_lng.irc
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zt1.rsd
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zt3.rsd
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zt4.rsd
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu0.rsq
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu1.rsq
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zu2.rsq
  • %ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\1_1_1582619684.ini
  • %ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\rqno3zt1.rsb
  • %PROGRAMDATA%\ricoh\pdplog\dkgbjceppyx_04022020_151912.rputil.log
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setc6fb.tmp
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setc825.tmp
  • <SYSTEM32>\spool\drivers\x64\3\rqno3zt2.rsd
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\seted6d.tmp
  • %PROGRAMDATA%\ricoh\pdplog\dkgbjceppyx_04022020_152038.rpicheck.log
Sets the 'hidden' attribute to the following files
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\oem2.cat
Deletes the following files
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\jcui64.exe
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d1jp.chm
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d1a0.dat
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d19z.rsq
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d18z.rsd
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d172.ini
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d171.rsb
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d140.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13b.rcs
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13b.rcd
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13b.bcs
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13a.rcs
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13a.rcd
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13a.bcs
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d130.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d100.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74c170.dat
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74c1xx.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d1jp.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rcinst.ini
  • %TEMP%\7zs49064170\riusrswitcher.exe
  • %TEMP%\7zs49064170\pinst.exe
  • %TEMP%\7zs49064170\pinst.bat
  • %TEMP%\7zs49064170\libeay32.dll
  • %TEMP%\7zs49064170\1_1_1582619684.ini
  • %TEMP%\7zs49064170\1_1_1582619684.7zcnf
  • C:\_rputil_silent.dat
  • %PROGRAMDATA%\ricoh\pdpini\1_1_1582619684.ini
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rcinst.ini
  • %TEMP%\7zs49064170\1_1_1582619684_1582641612.msi
  • %TEMP%\dmic225.tmp.log.xml
  • %TEMP%\dmib553.tmp.log.xml
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\trackid.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\sp631d64.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\ricjc64.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\ricdb64.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74c124.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc4mon64.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc4man64.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13b.bcs
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13a.rcs
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13a.rcd
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13a.bcs
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d130.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d100.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74c1xx.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74c170.dat
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74c124.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc4mon64.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc4man64.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc00c1b1.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc00c150.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\mfricr64.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13b.rcs
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d140.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13b.rcd
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d164.cat
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc00c150.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d164.inf
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\mfricr64.dll
  • <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\jcui64.exe
  • <SYSTEM32>\spool\prtprocs\x64\1\rc00c1b1.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\trackid.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sp631d64.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\ricjc64.dll
  • %PROGRAMDATA%\ricoh\rp_tools_lng.irc
  • %TEMP%\7zs49064170\rp_tools_lng.irc
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d1jp.dll
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d1jp.chm
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d1a0.dat
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d19z.rsq
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d18z.rsd
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d172.ini
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d171.rsb
  • %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\ricdb64.dll
  • %TEMP%\7zs49064170\rqno3zt1.rsb
Moves the following system files
  • from <SYSTEM32>\catroot2\edb00562.log to <SYSTEM32>\catroot2\edbtmp.log
  • from <SYSTEM32>\catroot2\edb.log to <SYSTEM32>\catroot2\edb00563.log
Moves the following files
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setc6fb.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d18z.rsd
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d1jp.dll to <SYSTEM32>\spool\drivers\x64\3\rc74d1jp.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d1jp.chm to <SYSTEM32>\spool\drivers\x64\3\rc74d1jp.chm
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d13a.rcd to <SYSTEM32>\spool\drivers\x64\3\rc74d13a.rcd
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d130.dll to <SYSTEM32>\spool\drivers\x64\3\rc74d130.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d100.dll to <SYSTEM32>\spool\drivers\x64\3\rc74d100.dll
  • from <SYSTEM32>\set7318.tmp to <SYSTEM32>\rc4mon64.dll
  • from <SYSTEM32>\spool\prtprocs\x64\1\set72f8.tmp to <SYSTEM32>\spool\prtprocs\x64\1\rc00c1b1.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set72c8.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13b.bcs
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7289.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13b.rcs
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7278.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13b.rcd
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7248.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13a.bcs
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7209.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13a.rcs
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71f8.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d13a.rcd
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71d8.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d19z.rsq
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71c7.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d18z.rsd
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set71a7.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d171.rsb
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7196.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74c170.dat
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7176.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d1a0.dat
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7166.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc00c150.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7135.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\ricjc64.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7155.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\jcui64.exe
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74c1xx.dll to <SYSTEM32>\spool\drivers\x64\3\rc74c1xx.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74c124.dll to <SYSTEM32>\spool\drivers\x64\3\rc74c124.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d13b.rcd to <SYSTEM32>\spool\drivers\x64\3\rc74d13b.rcd
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d13a.bcs to <SYSTEM32>\spool\drivers\x64\3\rc74d13a.bcs
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d13a.rcs to <SYSTEM32>\spool\drivers\x64\3\rc74d13a.rcs
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d19z.rsq to <SYSTEM32>\spool\drivers\x64\3\rc74d19z.rsq
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d18z.rsd to <SYSTEM32>\spool\drivers\x64\3\rc74d18z.rsd
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d171.rsb to <SYSTEM32>\spool\drivers\x64\3\rc74d171.rsb
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74c170.dat to <SYSTEM32>\spool\drivers\x64\3\rc74c170.dat
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d1a0.dat to <SYSTEM32>\spool\drivers\x64\3\rc74d1a0.dat
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc00c150.dll to <SYSTEM32>\spool\drivers\x64\3\rc00c150.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\ricjc64.dll to <SYSTEM32>\spool\drivers\x64\3\ricjc64.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6ee5.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d130.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\trackid.dll to <SYSTEM32>\spool\drivers\x64\3\trackid.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc4man64.dll to <SYSTEM32>\spool\drivers\x64\3\rc4man64.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\mfricr64.dll to <SYSTEM32>\spool\drivers\x64\3\mfricr64.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\ricdb64.dll to <SYSTEM32>\spool\drivers\x64\3\ricdb64.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\sp631d64.dll to <SYSTEM32>\spool\drivers\x64\3\sp631d64.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d172.ini to <SYSTEM32>\spool\drivers\x64\3\rc74d172.ini
  • from <SYSTEM32>\spool\drivers\x64\3\new\rcinst.ini to <SYSTEM32>\spool\drivers\x64\3\rcinst.ini
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d140.dll to <SYSTEM32>\spool\drivers\x64\3\rc74d140.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc4mon64.dll to <SYSTEM32>\spool\drivers\x64\3\rc4mon64.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7114.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\trackid.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set70d5.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc4man64.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set70c4.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\mfricr64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setdedb.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d164.inf
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setddc1.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d164.cat
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setdc49.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74c124.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setdab1.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d140.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd939.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d130.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd83e.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74c170.dat
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd715.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d100.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd5bc.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc00c150.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd492.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\jcui64.exe
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd31a.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\mfricr64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd1c1.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\trackid.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setd068.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74c1xx.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcf1f.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc4mon64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcd69.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d1jp.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcc2f.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc4man64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setcb15.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d1jp.chm
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setc97e.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d19z.rsq
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setc825.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rcinst.ini
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete1ac.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d171.rsb
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete2f5.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sp631d64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete053.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d172.ini
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete43e.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc00c1b1.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set70a4.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\ricdb64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete587.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d1a0.dat
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7084.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\sp631d64.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7073.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d172.ini
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7053.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rcinst.ini
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7023.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d140.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set7003.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc4mon64.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6fb4.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74c124.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6f74.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74c1xx.dll
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6f54.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d1jp.dll
  • from <SYSTEM32>\spool\drivers\x64\3\new\jcui64.exe to <SYSTEM32>\spool\drivers\x64\3\jcui64.exe
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d13b.rcs to <SYSTEM32>\spool\drivers\x64\3\rc74d13b.rcs
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6ea5.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d100.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setefef.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13b.rcs
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\seteeb6.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\ricjc64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\seted6d.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13a.rcs
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setec24.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\ricdb64.dll
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\setea9c.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13b.rcd
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete943.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13b.bcs
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete819.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13a.rcd
  • from %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\sete6ef.tmp to %TEMP%\{42c432c9-2069-07ff-5146-7413312c202f}\rc74d13a.bcs
  • from <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\set6f34.tmp to <SYSTEM32>\spool\drivers\x64\{a811d532-d556-47cd-b9be-b205412b9c4e}\rc74d1jp.chm
  • from <SYSTEM32>\spool\drivers\x64\3\new\rc74d13b.bcs to <SYSTEM32>\spool\drivers\x64\3\rc74d13b.bcs
Network activity
UDP
  • '16#.#6.238.68':161
Miscellaneous
Creates and executes the following
  • '%TEMP%\7zs49064170\riusrswitcher.exe' /C "PINST.exe" /H /A /A nocheck /S
  • '%TEMP%\7zs49064170\pinst.exe'
  • '%ProgramFiles(x86)%\ricoh\queue\{c8c90931-251f-4c8e-8232-aaf21d7394c4}_1_1_1582619684\rputil.exe' -i -e -f 1_1_1582619684.ini
  • '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\7zS49064170\PINST.exe"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\7zS49064170\PINST.bat"' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\7zS49064170\PINST.exe"
  • '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\7zS49064170\PINST.bat"
  • '%WINDIR%\syswow64\cmd.exe' /S /D /c" VER "
  • '%WINDIR%\syswow64\find.exe' "XP"
  • '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\RICOH\PDPLOG\Operation.log" /grant everyone:F
  • '%WINDIR%\syswow64\msiexec.exe' /i 1_1_1582619684_1582641612.msi /norestart /q /l*vx+ "%PROGRAMDATA%\RICOH\msilog\dkgbjceppyx_04022020_151908_msi_silent.log" SILENTMODE="ON"
  • '<SYSTEM32>\rundll32.exe' <SYSTEM32>\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{67115539-46a4-4da8-a847-9a957d08a543} "(null)"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.