Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\wuauclt.exe'
- Библиотека-обработчик для всех процессов: %WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\disc32.dll
- %WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\disc32.dll
- %WINDIR%\$NtUninstallKB893339$\systems.dat
- %WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\wuauclt.exe
- %WINDIR%\Installer\iexplore.exe