Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\INJ1.tmp' = '%TEMP%\INJ1.tmp:*:enabled:@shell32.dll,-1'
- %WINDIR%\Explorer.EXE
- %TEMP%\INJ1.tmp
- '%TEMP%\INJ1.tmp'
- '<SYSTEM32>\cmd.exe' /c \"C:\\DOCUME~1\\%USERNAME%\\LOCALS~1\\Temp\\INJ1.tmp\"