Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{9234569D-431D-414D-9A2B-DA6E328CC14E}] 'StubPath' = 'rundll32 "%ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{9234569D-431D-414D-9A2B-DA6E328CC14E}'
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes\Blacks.theme",_MS_11_023@16 A465C33E-368D-4574-AA6F-CCCA9152923B++{9234569D-431D-414D-9A2B-DA6E328CC14E}||"%TEMP%\MIC1.tmp"
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{9234569D-431D-414D-9A2B-DA6E328CC14E}||"%TEMP%\MIC1.tmp"
- <SYSTEM32>\rundll32.exe shell32.dll,Control_RunDLL "%TEMP%\MIC1.tmp"
- %TEMP%\D3.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes\Blacks.theme
- %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\msupmgr.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll
- %TEMP%\F4.tmp
- %TEMP%\winword.exe
- <Текущая директория>\¤UҐb¦~«ЧВѕ°ИБ~ёкІ§°КЄн--ЅІ»x®Ф.doc
- %TEMP%\A2.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\F4.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\D3.tmp
- %TEMP%\winword.exe
- %TEMP%\A2.tmp
- 'go#####nline.ns02.us':1863
- DNS ASK go#####nline.ns02.us
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''