Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{4AF17D54-3E3F-474F-AD65-46B82EB5B8C5}' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] '%WINDIR%\fonts\rmhxzhup.dll' = '{4AF17D54-3E3F-474F-AD65-46B82EB5B8C5}'
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\fonts\rmhxzhup.dll"
- Библиотека-обработчик для всех процессов: %WINDIR%\fonts\rmhxzhup.dll
- %WINDIR%\Fonts\gbkx01.nls
- %WINDIR%\Fonts\rmhxzhup.tmp
- %WINDIR%\Fonts\rmhxzhup.tmp в %WINDIR%\Fonts\rmhxzhup.dll