Technical Information
- <SYSTEM32>\wuauclt.exe with <SYSTEM32>\wuauclt.exe
- <SYSTEM32>\wuauclt.exe
- '' (downloaded from the Internet)
- <SYSTEM32>\wuauclt.exe.new
- <SYSTEM32>\dllcache\wuauclt.exe.new
- %TEMP%\wuauclt.exe
- <Current directory>\rename.cmd
- <Current directory>\rename.cmd
- %TEMP%\wuauclt.exe
- <Full path to file>
- from <SYSTEM32>\wuauclt.exe to <SYSTEM32>\wuauclt.exe.bak
- from <SYSTEM32>\wuauclt.exe to <SYSTEM32>\wuauclt.exe.tmp
- 'ap####-u-doma.ru':80
- http://ap####-u-doma.ru/wuauclt.exe
- DNS ASK ap####-u-doma.ru
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wuauclt.exe /t /e /p %USERNAME%:F
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\rename.cmd" "