Техническая информация
- %WINDIR%\Tasks\imbdhsd.job
- '%TEMP%\greddfe.exe'
- '<SYSTEM32>\notepad.exe' %HOMEPATH%\My Documents\DecryptAllFiles 151671.txt
- %HOMEPATH%\My Documents\DecryptAllFiles 151671.txt
- %HOMEPATH%\My Documents\AllFilesAreLocked 151671.bmp
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\desktop.ini
- %APPDATA%\Identities\wqnwaoa
- %TEMP%\greddfe.exe
- %HOMEPATH%\My Documents\dpedqad.html
- %WINDIR%\Tasks\imbdhsd.job
- %WINDIR%\Tasks\imbdhsd.job
- %TEMP%\greddfe.exe в %TEMP%\greddfe.exe.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''