Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{42CC4CC3-854C-437C-94EC-3E629F656F3F}' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] '%WINDIR%\fonts\rurhdyql.dll' = '{42CC4CC3-854C-437C-94EC-3E629F656F3F}'
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\fonts\rurhdyql.dll"
- Handler library for all processes: %WINDIR%\fonts\rurhdyql.dll
- %WINDIR%\Fonts\GBUNHAK.nls
- %WINDIR%\Fonts\rurhdyql.tmp
- %WINDIR%\Fonts\rurhdyql.tmp to %WINDIR%\Fonts\rurhdyql.dll