Technical Information
- %WINDIR%\syswow64\grouppolicy\gpt.ini
- %WINDIR%\syswow64\grouppolicy\user\scripts\scripts.ini
- %WINDIR%\syswow64\grouppolicy\user\scripts\logon\autorun.bat
- %WINDIR%\syswow64\grouppolicy\user\scripts\logon\wmi.exe
- '%WINDIR%\syswow64\grouppolicy\user\scripts\logon\wmi.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q "<Full path to file>" > nul (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q "%WINDIR%\SysWOW64\GROUPP~1\User\Scripts\Logon\wmi.exe" > nul (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q "<Full path to file>" > nul
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q "%WINDIR%\SysWOW64\GROUPP~1\User\Scripts\Logon\wmi.exe" > nul