Техническая информация
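- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SecurityCpl' = '' (данные параметра в отчёте пусты; путь, который записывается в этот параметр автозапуска, виден ниже в команде reg.exe)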
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram <SYSTEM32>\wbem\repository\svchost.exe "svchost.exe" ENABLE
- '<SYSTEM32>\rundll32.exe'
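- '<SYSTEM32>\reg.exe' ADD HKLM\software\microsoft\windows\currentversion\run /f /v SecurityCpl /t REG_EXPAND_SZ /d "<SYSTEM32>\wbem\repository\users\svchost.exe"
  (путь в автозапуске содержит подкаталог users и отличается от пути <SYSTEM32>\wbem\repository\svchost.exe в правилах брандмауэра; при проверке системы стоит искать файл в обоих каталогах)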
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="rundll32.exe" dir=in action=allow program="<SYSTEM32>\wbem\repository\rundll32.exe" enable=yes
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram <SYSTEM32>\wbem\repository\rundll32.exe "rundll32.exe" ENABLE
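- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="svchost.exe" dir=in action=allow program="<SYSTEM32>\wbem\repository\svchost.exe" enable=yes
  (все четыре команды netsh, в старом синтаксисе firewall и в новом advfirewall, добавляют в брандмауэр Windows разрешения для файлов svchost.exe и rundll32.exe из подкаталога wbem\repository, а не для одноимённых системных файлов, расположенных непосредственно в <SYSTEM32>; разрешающее правило с именем системного процесса и таким путём — признак заражения)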
- %TEMP%\bt70338.bat
- %TEMP%\bt70338.bat