Техническая информация
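Закрепление в системе — значения в ключе автозапуска Run текущего пользователя (имена значений похожи на компоненты Java):
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JavaW' = '%APPDATA%\GonnaCopeCryptor.exe'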
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Java' = '%APPDATA%\GonnaCope.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JavaR' = '%APPDATA%\GonnaCopeRansNote.exe'
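Исполняемые файлы в %APPDATA% (те же имена, что в значениях автозапуска выше, но в нижнем регистре):
- %APPDATA%\gonnacopecryptor.exe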
- %APPDATA%\gonnacope.exe
- %APPDATA%\gonnacoperansnote.exe
Документы на рабочем столе пользователя (что именно с ними происходит, на странице не указано):
- %HOMEPATH%\desktop\adhd_and_obesity.docx
- %HOMEPATH%\desktop\applicantform_en.doc
- %HOMEPATH%\desktop\cveuropeo.doc
- %HOMEPATH%\desktop\glidescope_review_rev_010.docx
- %HOMEPATH%\desktop\sdszfo.docx
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
- %HOMEPATH%\desktop\weeklysheet1215.doc
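Сетевая активность — соединения на порт 443 и DNS-запрос (часть доменного имени на странице скрыта символами «#»):
- 'cd#.##scordapp.com':443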
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
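Пути к тем же трём исполняемым файлам, приведённые в кавычках (подпись этого блока на странице отсутствует; вероятно, это список запускаемых процессов — требует проверки):
- '%APPDATA%\gonnacopecryptor.exe'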
- '%APPDATA%\gonnacope.exe'
- '%APPDATA%\gonnacoperansnote.exe'