Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'CoreShell' = '{EF7652A4-98EF-5031-226B-11456C96A7EA}'
- '<SYSTEM32>\rundll32.exe' "%CommonProgramFiles%\System\\coreshell.dll",#1
- %CommonProgramFiles%\System\coreshell.dll