In many runs, especially in Win7+, there are dozens of references to:
"[CreateFolder] Explorer.exe:XXXX > PathToMalware"
The script should have an additional filter, manually implemented into logic, that takes a given malware command line:
"C:\Malware\a.exe"
"%UserProfile%\Desktop\Malware\a.exe"
Get os.path.dirname() and use that as a literal (*$) filter.
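
One way the requested filter could look, as an added example that is not code from the script or its author. It assumes "(*$)" means a regex-escaped path anchored at the end of the line; the function names, the sample environment and the sample events are hypothetical.

```python
import ntpath  # Windows path rules on any host; os.path is ntpath on Windows
import re

# Constructed sample data, not output from a real run.
SAMPLE_ENV = {"USERPROFILE": r"C:\Users\analyst"}
SAMPLE_EVENTS = [
    r"[CreateFolder] Explorer.exe:1234 > C:\Users\analyst\Desktop\Malware",
    r"[CreateFolder] Explorer.exe:1234 > C:\Users\analyst\Desktop\Malware\out",
    r"[CreateFolder] a.exe:2200 > C:\Users\analyst\Desktop\Malware",
    r"[CreateFile] a.exe:2200 > C:\Users\analyst\AppData\Roaming\x.dat",
]

def malware_dir(cmdline, env):
    """Return the directory of the executable named in a sample command line."""
    cmdline = cmdline.strip()
    if not cmdline:
        return ""
    if cmdline.startswith('"'):
        exe = cmdline[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        exe = cmdline.split(None, 1)[0]      # unquoted: first token only
    # Expand %VAR% case-insensitively; unknown variables stay as written.
    upper = {k.upper(): v for k, v in env.items()}
    exe = re.sub(r"%([^%]+)%",
                 lambda m: upper.get(m.group(1).upper(), m.group(0)), exe)
    return ntpath.dirname(ntpath.normpath(exe))

def build_folder_filter(cmdline, env):
    """Regex matching only Explorer's CreateFolder events on the sample's own
    directory. Returns None when no directory can be derived (bare file name),
    because an empty literal would match unrelated lines."""
    directory = malware_dir(cmdline, env)
    if not directory:
        return None
    return re.compile(r"\[CreateFolder\] Explorer\.exe:\d+ > "
                      + re.escape(directory) + r"\\?$", re.IGNORECASE)

def apply_filter(events, pattern):
    """Drop events matched by the filter; keep everything else."""
    if pattern is None:
        return list(events)
    return [e for e in events if not pattern.search(e)]

if __name__ == "__main__":
    flt = build_folder_filter(r"%UserProfile%\Desktop\Malware\a.exe", SAMPLE_ENV)
    for line in apply_filter(SAMPLE_EVENTS, flt):
        print(line)
```

The end anchor keeps folder creation below the sample's directory and any event from a process other than Explorer.exe in the report.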