Technical Information
- '<SYSTEM32>\rundll32.exe' %APPDATA%\Microsoft\Templates\W0rd.dll,DllUnregisterServer
- %TEMP%\ya.wav
- <Current directory>\~wrd0000.tmp
- <Current directory>\~wrd0001.tmp
- %TEMP%\msohtmlclip1\01\clip_themedata.thmx
- %TEMP%\msohtmlclip1\01\clip_colorschememapping.xml
- %TEMP%\msohtmlclip1\01\clip_image001.emz
- %TEMP%\msohtmlclip1\01\clip_image002.png
- %TEMP%\msohtmlclip1\01\clip_oledata.mso
- <Current directory>\~wrd0000.tmp
- from %TEMP%\ya.wav to %APPDATA%\microsoft\templates\w0rd.dll
- <PATH_SAMPLE>.doc
- %TEMP%\ya.wav
- http://ap#.#pify.org/
- http://ea###ill.com/8/forum.php
- DNS ASK ap#.#pify.org
- DNS ASK ea###ill.com