Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '"%APPDATA%\WindowsUpdate\WindowsRuntime.vbs'
- %TEMP%\WindowsDefender.bat
- %APPDATA%\WindowsUpdate\WindowsSystem.vbs
- %APPDATA%\WindowsUpdate\WindowsRuntime.vbs
- %APPDATA%\WindowsUpdate\WindowsRuntime.bat
- %APPDATA%\WindowsUpdate\WindowsInstallation.vbs
- %APPDATA%\WindowsUpdate\WindowsDefender.bat
- %APPDATA%\WindowsUpdate\system.exe
- %APPDATA%\WindowsUpdate\msvcr110.dll
- %APPDATA%\WindowsUpdate\epools.txt
- %APPDATA%\WindowsUpdate\config.txt
- %TEMP%\WindowsRuntime.vbs
- %TEMP%\WindowsInstallation.vbs
- %TEMP%\msvcr110.dll
- %TEMP%\system.exe
- %TEMP%\WindowsUpdate.bat
- %TEMP%\WindowsRuntime.bat
- %TEMP%\epools.txt
- %TEMP%\config.txt
- %TEMP%\WindowsSystem.vbs
- %TEMP%\WindowsUpdate.exe
- %APPDATA%\WindowsUpdate\WindowsUpdate.bat
- %APPDATA%\WindowsUpdate\WindowsUpdate.exe
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\WindowsSystem.vbs"
- '%TEMP%\WindowsUpdate.exe' -pWindowsDefender
- '<SYSTEM32>\wscript.exe' "%TEMP%\WindowsInstallation.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WindowsDefender.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WindowsUpdate.bat" "
- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Update" /d "\"%APPDATA%\WindowsUpdate\WindowsRuntime.vbs" /f