Техническая информация
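- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe,rundll32 shell32 Control_RunDLL "she32.dll"' (автозапуск: к штатной оболочке Explorer.exe в параметре Shell дописана команда загрузки she32.dll через rundll32, поэтому библиотека запускается при каждом входе пользователя в систему; штатное значение параметра — только Explorer.exe)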
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\del1.tmp.bat"
- '<SYSTEM32>\rundll32.exe' shell32 Control_RunDLL "she32.dll"
- %TEMP%\del1.tmp.bat
- <SYSTEM32>\she32.dll
- <SYSTEM32>\verclsid.exe
- %WINDIR%\Fonts\217dfa66.ttf
- <SYSTEM32>\verclsid.exe