Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\wuauclt.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- Handler library for all processes: %WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\disc32.dll
- %WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\disc32.dll
- %WINDIR%\Installer\iexplore.exe
- %WINDIR%\Downloaded Program Files\{CE4EA0AD-E957-4DC2-AE62-A78A55093262}\wuauclt.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini