Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Pfcc] 'Start' = '00000000'
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\88603cb2913a7df3fbd16b5f958e6447_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\7bbf747e-fde9-46d8-9709-9f705a0dac88
- <DRIVERS>\Pfcc.SYS
- <DRIVERS>\Pfcc.SYS