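Техническая информация
Ниже перечислены индикаторы: запись реестра, командные строки запускаемых процессов, пути к файлам, сетевые обращения и классы окон. Заголовки разделов исходного описания в тексте не сохранились, поэтому по самому списку нельзя определить, какое действие (создание, удаление, запуск) относится к каждому из повторяющихся путей.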
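Запись в ветке Active Setup: команда из параметра StubPath выполняется при входе пользователя в систему, здесь она запускает через rundll32 библиотеку из каталога Application Data (значение в источнике обрезано):
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{921FCB86-E896-4B4D-852B-2F9725B3894C}] 'StubPath' = 'rundll32 "%ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll...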
- '<SYSTEM32>\rundll32.exe' shell32.dll,Control_RunDLL %TEMP%\MIC1.tmp
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{921FCB86-E896-4B4D-852B-2F9725B3894C}||%TEMP%\MIC1.tmp
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes\Blacks.theme",_MS_11_023@16 A465C33E-368D-4574-AA6F-CCCA9152923B++{921FCB86-E896-4B4D-852B-2F9725B3894C}||%TEMP%\MIC1.tmp
- '<SYSTEM32>\cmd.exe' /c del <Полный путь к файлу> > nul
- '%TEMP%\wacult.exe'
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "<Текущая директория>\cisc2011pµe®С.doc"
- %TEMP%\D8.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes\Blacks.theme
- %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\msupmgr.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\updatemgr.dll
- %TEMP%\F9.tmp
- %TEMP%\wacult.exe
- <Текущая директория>\cisc2011pµe®С.doc
- %TEMP%\A7.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\F9.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\D8.tmp
- %TEMP%\wacult.exe
- %TEMP%\A7.tmp
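- 'ms###n.ddns.us':53
- DNS ASK ms###n.ddns.us
(Символы ### в имени узла, по-видимому, заменяют часть имени, скрытую в источнике; в таком виде запись не годится как точный индикатор и требует сопоставления по шаблону.)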
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''