Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{F6BBDC08-750B-4624-97D4-E9866DAD3B56}' = 'hook dll rising'
- %WINDIR%\Explorer.EXE
- wow.exe
- cabalmain.exe
- elementclient.exe
- ClassName: 'AVP.Product_Notification' WindowName: ''
- ClassName: 'AVP.AlertDialog' WindowName: ''
- %WINDIR%\Fonts\wrdoor0.dll