Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Java' = '%APPDATA%\GonnaCope.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JavaW' = '%APPDATA%\GonnaCopeCryptor.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JavaR' = '%APPDATA%\GonnaCopeRansNote.exe'
- %APPDATA%\gonnacope.zip
- %APPDATA%\gonnacope.exe
- %APPDATA%\gonnacopecryptor.exe
- %APPDATA%\gonnacoperansnote.exe
- %HOMEPATH%\desktop\1189.jpg
- %HOMEPATH%\desktop\2.jpg
- %HOMEPATH%\desktop\parnas_01.jpg
- %HOMEPATH%\desktop\pushkin.jpg
- %HOMEPATH%\desktop\region-north-karelia.jpg
- %HOMEPATH%\desktop\13.jpeg
- %HOMEPATH%\desktop\168.jpeg
- %HOMEPATH%\desktop\4f0bf7ff71f28.jpeg
- %HOMEPATH%\desktop\pushkin.jpeg
- %HOMEPATH%\desktop\508softwareandos.doc
- %HOMEPATH%\desktop\aoc_saq_d_v3_merchant.docx
- %HOMEPATH%\desktop\applicantform_en.doc
- %HOMEPATH%\desktop\lisp_success.doc
- %HOMEPATH%\desktop\nwfieldnotes1966.docx
- %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
- %HOMEPATH%\desktop\weeklysheet1215.doc
- 'cd#.##scordapp.com':443
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
- '%APPDATA%\gonnacopecryptor.exe'
- '%APPDATA%\gonnacope.exe'
- '%APPDATA%\gonnacoperansnote.exe'