Техническая информация
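- [<HKLM>\SOFTWARE\wow6432node\microsoft\windows\CurrentVersion\Run] 'ЙщїЁёЁЦъ·юОс' = 'C:\PerfLogs\pagefile.exe' (имя параметра, по-видимому, представляет собой строку в кодировке GBK «声卡辅助服务», отображённую в Windows-1251; на системах с другой ANSI-кодовой страницей оно может выглядеть иначе, поэтому при поиске надёжнее ориентироваться на значение — путь C:\PerfLogs\pagefile.exe)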
- '<SYSTEM32>\taskkill.exe' /f /im DBC.exe
- C:\PerfLogs\pagefile.exe
- C:\PerfLogs\bfcucore.dll
- <ANALYSETOOLS_DIR>\LoadLib\test.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c <ANALYSETOOLS_DIR>\LoadLib\test.bat