Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:/Windows/System32/Programm.exe'
- <SYSTEM32>\msvcr71.dll
- '<SYSTEM32>\Programm.exe'
- '<SYSTEM32>\taskkill.exe' /F /IM System
- '<SYSTEM32>\taskkill.exe' /F /IM System Idle Process
- '<SYSTEM32>\taskkill.exe' /F /IM explorer.exe
- System
- %WINDIR%\Explorer.EXE
- %TEMP%\devels\7b6dbea1e33dc2b242edc0e3ade5d702\engine.php
- %TEMP%\10364751.~ph
- %TEMP%\devels\7b6dbea1e33dc2b242edc0e3ade5d702.phpe2
- %TEMP%\devels\7b6dbea1e33dc2b242edc0e3ade5d702\include.php
- %TEMP%\PSE11\php\modules\php_bz2.dll
- %TEMP%\PSE11\7B6DBEA1E33DC2B242EDC0E3ADE5D702\php.ini
- <SYSTEM32>\Programm.exe
- %TEMP%\PSE11\php\modules\php_bcompiler.dll
- %TEMP%\PSE11\php\php5ts.dll
- %TEMP%\PSE11\7B6DBEA1E33DC2B242EDC0E3ADE5D702\php.ini
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''