Техническая информация
- '%TEMP%\2.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.vbs"
- ClassName: 'FileMonClass' WindowName: '(null)'
- ClassName: 'RegMonClass' WindowName: '(null)'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- %TEMP%\1.vbs
- %TEMP%\2.exe
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'