Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'CoreShell' = '{EF7652A4-98EF-5031-226B-11456C96A7EA}'
- '<SYSTEM32>\rundll32.exe' "%TEMP%\twain32.dll",#1
- %CommonProgramFiles%\System\coreshell.dll
- %TEMP%\twain32.dll
- %TEMP%\twain32.dll