Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Bluetooth' = '%TEMP%\svchost.exe'
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name=svchost dir=in program=%TEMP%\svchost.exe action=allow
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Bluetooth" /t REG_SZ /d "%TEMP%\svchost.exe" /f
- '<SYSTEM32>\regsvr32.exe' %TEMP%\ssleay32.dll /s
- '<SYSTEM32>\regsvr32.exe' %TEMP%\libeay32.dll /s
- %TEMP%\svchost.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''