Техническая информация
- '%TEMP%\1.exe'
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Roaming\gnupg\*."
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Roaming\gnupg"
- '<SYSTEM32>\chcp.com' 866
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cpt.cmd" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- '<SYSTEM32>\attrib.exe' +s +h random_seed.cmd
- %TEMP%\w.1
- %APPDATA%\Roaming\gnupg\pubring.gpg
- %TEMP%\iconv.dll
- %TEMP%\7ZSfx000.cmd
- %TEMP%\cptbase.bin
- %TEMP%\br8224.tmp
- %APPDATA%\Roaming\gnupg\trustdb.gpg
- %TEMP%\cpt.lst
- %TEMP%\svchost.exe
- %TEMP%\pubring.gpg
- %TEMP%\trustdb.gpg
- %TEMP%\1.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
- %TEMP%\UNCRYPT.txt
- %TEMP%\text\КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt
- %TEMP%\cpt.cmd
- %TEMP%\random_seed
- %TEMP%\random_seed.cmd
- %TEMP%\random_seed
- %TEMP%\7ZSfx000.cmd
- %TEMP%\1.exe
- 'my####.atwebpages.com':80
- my####.atwebpages.com/main.php
- DNS ASK my####.atwebpages.com