Technical Information
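- [<HKLM>\System\CurrentControlSet\Services\csrss] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\csrss] 'ImagePath' = '"%WINDIR%\<File name>.exe"' (the service borrows the name of the legitimate Windows csrss process, but its image is the executable placed in %WINDIR%)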
- nul
- %WINDIR%\installutil.installlog
- %WINDIR%\<File name>.installlog
- %WINDIR%\<File name>.installstate
- %WINDIR%\<File name>.installlog
- %WINDIR%\<File name>.installstate
- %WINDIR%\installutil.installlog
- Moves the file from <Full path to file> to %WINDIR%\<File name>.exe
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 3 > nul && move "<Full path to file>" "%WINDIR%\<File name>.exe" && start "" %WINDIR%\<File name>.exe && exit
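- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3 (spawned by the cmd.exe command above; the loopback ping appears to serve only as a short delay before the file is moved and started)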