Техническая информация
Записи в реестре (точки автозапуска: ключ Run и параметр Shell в Winlogon):
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Pantun Pa Cilong' = '%WINDIR%\dayeuh.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\system.exe"'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\system.exe"'
- %WINDIR%\dayeuh.txt
- %WINDIR%\system\wtask.dll
- %WINDIR%\system\deskjet.dll
- %WINDIR%\system\printer.dll
- <SYSTEM32>\himem32.sys
- %WINDIR%\system.exe
- %WINDIR%\kujang.jpg
- C:\pyrdnqdg.txt
- C:\hkgmdxtn.txt
- <SYSTEM32>\wuapi32.dll
- %WINDIR%\config.ini
- %TEMP%\bogor.vbs
- %WINDIR%\system.txt
- C:\pyrdnqdg.txt
- C:\hkgmdxtn.txt
- ClassName: '' WindowName: 'Aniee'
Запуск процессов (перезагрузка системы через 2 секунды с сообщением «Wait...»):
- '<SYSTEM32>\shutdown.exe' -r -t 2 -c "Wait..." (со скрытым окном)
- '<SYSTEM32>\shutdown.exe' -r -t 2 -c "Wait..."