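Техническая информация
Заголовки разделов на странице не сохранились; по содержанию строк ниже перечислены: запись автозапуска в реестре (ключ RunOnce), запускаемые команды schtasks.exe и reg.exe (задача «Microsoft-Update», создаваемая с параметрами /sc onlogon и /rl highest, и добавление той же записи RunOnce), пути в файловой системе, а также сетевой узел с портом и DNS-запрос к нему. Роль отдельной строки с reg.exe на странице не указана; часть имени узла, по-видимому, замаскирована символами «#».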
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft-Update' = 'cmd /c "start "Microsoft-Update" "%ProgramFiles%\WindowsFrameworkUpdate\Windows-update.exe"'
- '<SYSTEM32>\schtasks.exe' /create /NP /sc onlogon /tn "Microsoft-Update" /rl highest /tr "'%ProgramFiles%\WindowsFrameworkUpdate\Windows-update.exe' /startup" /f
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Microsoft-Update" /d "cmd /c """start """Microsoft-Update""" """%ProgramFiles%\WindowsFrameworkUpdate\Windows-update.exe"""" /f"
- <SYSTEM32>\reg.exe
- %APPDATA%\Monitor\Screenshots\01-17-2017\4.57 AM
- %ProgramFiles%\WindowsFrameworkUpdate\Windows-update.exe
- 'lu######tylink-sely.noip.me':21971
- DNS ASK lu######tylink-sely.noip.me