Artem, 2014-06-15 18:11:16
Malware

Virus with GPG encryption

A friend of mine received an email with an attachment the other day. The attachment contained a *.doc.js file, which was launched and, of course, turned out to be a virus. The virus is somewhat similar to the one described in this article, but it is still not the same one. Judging by the contents of this script and the other files related to the virus, it works like this:
1. It downloads the necessary files. Among them are the program gpg.exe (named svchost.exe in the original), the iconv.dll library it needs, some trustdb.gpg database for it, and the necessary command-line scripts.
2. Then, using the downloaded scripts, it generates keys and a list of the files that need to be encrypted.
3. It encrypts the files on the computer using gpg.exe and renames them by appending an email address.
I managed to work this out after looking through the virus's scripts. I put iconv.dll, trustdb.gpg and gpg.exe in the same folder and tried to decrypt by modifying the original command from the cptbase.cmd script:

svchost.exe -r unstyx --yes --trust-model always --no-verbose -q --decrypt-files "[email protected]_com"

Of course, none of this worked, and I got the error gpg: decryption failed: secret key not available.
I guess it needs to be given the key, and the key can be derived from the virus's scripts. But here I no longer have enough knowledge and experience. Could you tell me what to do next to recover the encrypted files?
All the extracted files are in the archive uploaded here. Of course, one must be extremely careful when opening the files in this archive. The password for the archive is 12345.
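As an added triage example (not from the original post and not part of the virus's scripts), the following Python reads the leading OpenPGP packets of an encrypted file, much as `gpg --list-packets` would, and reports whether decryption requires a secret key (and which key ID it is encrypted to) or only a passphrase. The "secret key not available" error above corresponds to the first case. The sample byte strings are constructed for illustration, not taken from the archive.

```python
# OpenPGP packet tags (RFC 4880) that decide what a decryption needs.
PKESK = 1   # Public-Key Encrypted Session Key: needs the recipient's secret key
SKESK = 3   # Symmetric-Key Encrypted Session Key: needs a passphrase
SEIPD = 18  # Symmetrically Encrypted Integrity Protected Data: the payload

def read_packet_header(buf, pos):
    """Return (tag, body_offset, body_length) for the packet starting at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header (RFC 4880 section 4.2.2)
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial-length packet; not handled in this triage")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old-format header (4.2.1)
    if ltype == 3:
        raise ValueError("indeterminate length; not handled in this triage")
    width = (1, 2, 4)[ltype]
    return tag, pos + 1 + width, int.from_bytes(buf[pos + 1:pos + 1 + width], "big")

def triage(buf):
    """Walk the session-key packets and report what decryption would require."""
    pos, needs = 0, []
    while pos < len(buf):
        tag, start, length = read_packet_header(buf, pos)
        if tag == PKESK:  # body: version byte, then the 8-byte recipient key ID
            needs.append(("secret key", buf[start + 1:start + 9].hex().upper()))
        elif tag == SKESK:
            needs.append(("passphrase", None))
        elif tag == SEIPD:
            break  # encrypted payload follows; nothing more to learn from headers
        pos = start + length
    return needs

# Constructed samples (not real ransomware output): a file encrypted to a
# public key with a fake key ID, and a file encrypted with a passphrase.
ASYMMETRIC_SAMPLE = (b"\xC1\x0E\x03" + bytes.fromhex("0123456789ABCDEF")
                     + b"\x01\x00\x10\x12\x34" + b"\xD2\x04\x01\xAA\xBB\xCC")
SYMMETRIC_SAMPLE = b"\x8C\x04\x04\x09\x00\x08" + b"\xD2\x04\x01\xAA\xBB\xCC"

if __name__ == "__main__":
    for name, sample in (("asymmetric", ASYMMETRIC_SAMPLE), ("symmetric", SYMMETRIC_SAMPLE)):
        print(name, triage(sample))
```

If the result names a secret key, recovery depends on whoever holds that private key, not on anything in the dropped scripts; only a passphrase-based (SKESK) file could be opened with material recovered from them.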
