Техническая информация
- '%TEMP%\explorer.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cleen.bat" "
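- ClassName: 'OLLYDBG' WindowName: '(null)' — класс главного окна отладчика OllyDbg; проверка наличия такого окна, по-видимому, служит для обнаружения средств анализа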
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\africa.bmp
- %TEMP%\cleen.bat
- %APPDATA%\Roaming\africa.bmp
- %TEMP%\explorer.exe
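- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe — папка автозагрузки пользователя: файлы из неё запускаются при входе в систему; штатный explorer.exe Windows находится в %WINDIR%, поэтому одноимённый файл по этому пути следует считать подозрительным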
- %TEMP%\explorer.exe
- ClassName: 'SystemTray_Main' WindowName: '(null)'