Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WMI Update Service' = 'C:\ProgramData\WMI Services\WmiPrvSvc.exe'
- C:\programdata\wmi services\wmiprvsvc.exe
- 'C:\programdata\wmi services\wmiprvsvc.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "WMI Services" /tr "C:\ProgramData\WMI Services\\WmiPrvSvc.exe" /f' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "WMI Services" /tr "C:\ProgramData\WMI Services\\WmiPrvSvc.exe" /f