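Техническая информация
Подзаголовки разделов в этой копии не сохранились, поэтому для путей к файлам не указано, какое действие с ними выполнялось; повторы одного и того же пути, по-видимому, относятся к разным подразделам исходного отчёта. По содержанию записи ниже делятся на: значение реестра 'StubPath' в ключе Active Setup (автозапуск библиотеки через rundll32), командные строки запуска rundll32.exe, пути к файлам в %TEMP% и %ALLUSERSPROFILE%, сетевые обращения (DNS-запрос и соединение с портом 53) и классы окон.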
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{921FCB86-E896-4B4D-852B-2F9725B3894C}] 'StubPath' = 'rundll32 "%ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{921FCB86-E896-4B4D-852B-2F9725B3894C}'
- %TEMP%\wacult.exe
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes\Blacks.theme",_MS_11_023@16 A465C33E-368D-4574-AA6F-CCCA9152923B++{921FCB86-E896-4B4D-852B-2F9725B3894C}||%TEMP%\MIC1.tmp
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{921FCB86-E896-4B4D-852B-2F9725B3894C}||%TEMP%\MIC1.tmp
- <SYSTEM32>\rundll32.exe shell32.dll,Control_RunDLL %TEMP%\MIC1.tmp
- %TEMP%\D6.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes\Blacks.theme
- %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\msupmgr.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll
- %TEMP%\F7.tmp
- %TEMP%\wacult.exe
- <Текущая директория>\Ва±bіqЄѕ©ъІУ.doc
- %TEMP%\A5.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\F7.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\D6.tmp
- %TEMP%\wacult.exe
- %TEMP%\A5.tmp
- 'ms###n.ddns.us':53
- DNS ASK ms###n.ddns.us
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''