Техническая информация
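Запись автозапуска в реестре (ключ Policies\Explorer\Run; указанный файл запускается при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'System_Twunk' = '%WINDIR%\twunk_8.exe'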
Команды reg.exe, относящиеся к этой записи (удаляют значение System_Twunk в HKCU и записывают его в HKLM):
- '<SYSTEM32>\reg.exe' delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ /f /v System_Twunk
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f /v System_Twunk /t REG_SZ /d %WINDIR%\twunk_8.exe