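Техническая информация
Ниже перечислены: значение автозапуска WINLOG.exe в ключе реестра Run (HKLM), указывающее на %WINDIR%\WINLOG.exe /start, и командные строки, которые через cmd.exe, reg.exe и taskkill.exe удаляют и заново добавляют это значение, принудительно завершают процесс WINLOG.exe и копируют bin\WINLOG.exe в %WINDIR%. Последняя строка — запись об окне с пустыми ClassName и WindowName. При проверке системы стоит искать значение WINLOG.exe в указанном ключе Run и файл %WINDIR%\WINLOG.exe.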
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WINLOG.exe' = '%WINDIR%\WINLOG.exe /start '
- '<SYSTEM32>\reg.exe' delete HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v WINLOG.exe /f
- '<SYSTEM32>\cmd.exe' /c "reg ADD HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v WINLOG.exe /d "%WINDIR%\WINLOG.exe /start "
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v WINLOG.exe /d "%WINDIR%\WINLOG.exe /start
- '<SYSTEM32>\cmd.exe' /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v WINLOG.exe /f "
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im WINLOG.exe
- '<SYSTEM32>\taskkill.exe' /f /im WINLOG.exe
- '<SYSTEM32>\cmd.exe' /c "copy bin\WINLOG.exe %WINDIR%\ "
- ClassName: '' WindowName: ''