Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'omg' = '<SYSTEM32>\shutdown.exe -s -f -t 60 -c "PC are hacked by Zero Cool. You Fucking Dumb Ass! Shit PC are doom! hahaha... How dumb are you! fuck me! with your pussy!"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lol' = 'C:\doomday.vbs'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\execute.cmd""
- '%WINDIR%\regedit.exe' /s "%HOMEPATH%\Local Settings\Temp.\regfile.reg"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\voiceexe.vbs"
- %TEMP%\1.tmp\execute.cmd
- C:\autorun.inf
- <Текущая директория>\doomday.vbs
- %TEMP%\regfile.reg
- %WINDIR%\voiceexe.vbs
- %APPDATA%\Microsoft\Speech\Files\UserLexicons\SP_87E6FB6531D54223B58B1FC109223DCB.dat
- %TEMP%\regfile.reg
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'