Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winparadoxia' = '%APPDATA%\winparadoxia\WindowsParadoxia.exe'
- <Removable media drive name>:\windowsdefender.exe
- %TEMP%\_mei28402\hangaround.exe.manifest
- %TEMP%\_mei28402\vcruntime140.dll
- %TEMP%\_mei28402\_bz2.pyd
- %TEMP%\_mei28402\_hashlib.pyd
- %TEMP%\_mei28402\_lzma.pyd
- %TEMP%\_mei28402\_socket.pyd
- %TEMP%\_mei28402\_ssl.pyd
- %TEMP%\_mei28402\libcrypto-1_1.dll
- %TEMP%\_mei28402\libssl-1_1.dll
- %TEMP%\_mei28402\pyexpat.pyd
- %TEMP%\_mei28402\python37.dll
- %TEMP%\_mei28402\select.pyd
- %TEMP%\_mei28402\unicodedata.pyd
- %TEMP%\_mei28402\base_library.zip
- <Current directory>\paradoxia.exe
- %APPDATA%\winparadoxia\windowsparadoxia.exe
- %TEMP%\_mei28402\base_library.zip
- %TEMP%\_mei28402\hangaround.exe.manifest
- %TEMP%\_mei28402\libcrypto-1_1.dll
- %TEMP%\_mei28402\libssl-1_1.dll
- %TEMP%\_mei28402\pyexpat.pyd
- %TEMP%\_mei28402\python37.dll
- %TEMP%\_mei28402\select.pyd
- %TEMP%\_mei28402\unicodedata.pyd
- %TEMP%\_mei28402\vcruntime140.dll
- %TEMP%\_mei28402\_bz2.pyd
- %TEMP%\_mei28402\_hashlib.pyd
- %TEMP%\_mei28402\_lzma.pyd
- %TEMP%\_mei28402\_socket.pyd
- %TEMP%\_mei28402\_ssl.pyd
- '<LOCALNET>.10.2':8000
- http://bo#.####ismyipaddress.com/
- DNS ASK google.com
- DNS ASK bo#.####ismyipaddress.com
- '<Current directory>\paradoxia.exe'