Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SAW:The Game!' = '%TEMP%\locker\\winlocker.exe'
- Диспетчера задач (Taskmgr)
- '<SYSTEM32>\taskkill.exe' /F /IM explorer.exe
- '<SYSTEM32>\taskkill.exe' /F /IM taskmgr.exe
- '<SYSTEM32>\taskkill.exe' /F /IM notepad.exe
- '<SYSTEM32>\notepad.exe' %TEMP%\locker\note.txt
- '%TEMP%\locker\winlocker.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\locker\off.bat" "
- <SYSTEM32>\notepad.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\locker\note.txt
- %TEMP%\locker\saw.ico
- %TEMP%\locker\off.bat
- %TEMP%\PSE20\f7c8fbfbb03c31f3f7fa087f9c717af3\php.ini
- %TEMP%\locker\ext\php_squall.dll
- %TEMP%\locker\squall.dll
- %TEMP%\locker\saw.mp3
- %TEMP%\locker\php5ts.dll
- %TEMP%\locker\winlocker.exe
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''