Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\svchost.exe
- %TEMP%\_mei7802\decryptor.exe.manifest
- %TEMP%\_mei7802\microsoft.vc90.crt.manifest
- %TEMP%\_mei7802\_ctypes.pyd
- %TEMP%\_mei7802\_hashlib.pyd
- %TEMP%\_mei7802\bz2.pyd
- %TEMP%\_mei7802\msvcm90.dll
- %TEMP%\_mei7802\msvcp90.dll
- %TEMP%\_mei7802\msvcr90.dll
- %TEMP%\_mei7802\python27.dll
- %TEMP%\_mei7802\select.pyd
- %TEMP%\_mei7802\unicodedata.pyd
- %TEMP%\k2k3ar
- %TEMP%\tmpe3jfzl.exe
- %TEMP%\setup.exe
- %TEMP%\{207d6259-09ad-4ca7-a67e-38e2a175feb2}\{69b787ab-0638-4c01-9ed1-94f194a2f835}.exe
- C:\rakhnidecryptor.1.22.1.0_09.11.2020_20.00.18_log.txt
- %TEMP%\k2k3ar
- %TEMP%\_mei7802\bz2.pyd
- %TEMP%\_mei7802\decryptor.exe.manifest
- %TEMP%\_mei7802\microsoft.vc90.crt.manifest
- %TEMP%\_mei7802\msvcm90.dll
- %TEMP%\_mei7802\msvcp90.dll
- %TEMP%\_mei7802\msvcr90.dll
- %TEMP%\_mei7802\python27.dll
- %TEMP%\_mei7802\select.pyd
- %TEMP%\_mei7802\unicodedata.pyd
- %TEMP%\_mei7802\_ctypes.pyd
- %TEMP%\_mei7802\_hashlib.pyd
- http://d2##.125mb.com/r.php?id#####################
- http://support.kaspersky.com/viruses/rakhnidecryptor.xml
- DNS ASK d2##.125mb.com
- DNS ASK support.kaspersky.com
- '%TEMP%\tmpe3jfzl.exe'
- '%TEMP%\setup.exe'
- '%TEMP%\{207d6259-09ad-4ca7-a67e-38e2a175feb2}\{69b787ab-0638-4c01-9ed1-94f194a2f835}.exe'