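Technical Information
The entries below stop the BITS, wuauserv, cryptsvc and AppIDSvc services, list `from … to` file operations targeting softwaredistribution.bak and catroot2.bak, re-register system DLLs with regsvr32 /s, and set the wuauserv and bits service security descriptors with sc sdset. This sequence closely resembles the widely circulated Windows Update component-reset procedure, so these command lines are weak indicators on their own; triage should weigh which process launched them and the fact that the regsvr32 calls ran with hidden windows.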
- '%WINDIR%\syswow64\net.exe' stop BITS
- '%WINDIR%\syswow64\net.exe' stop wuauserv
- '%WINDIR%\syswow64\net.exe' stop cryptsvc
- '%WINDIR%\syswow64\net.exe' stop AppIDSvc
- %WINDIR%\syswow64\catroot2.bak
- from %WINDIR%\softwaredistribution\reportingevents.log to %WINDIR%\softwaredistribution.bak
- from <SYSTEM32>\catroot2\dberr.txt to %WINDIR%\syswow64\catroot2.bak
- %WINDIR%\syswow64\catroot2.bak
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - atl.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wups2.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wups.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wucltui.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuaueng1.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuaueng.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuapi.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s initpki.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s shell32.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s ole32.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s oleaut32.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s cryptdlg.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s sccbase.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s gpkcsp.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuweb.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s rsaenh.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wintrust.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s softpub.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s actxprxy.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s msxml6.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s msxml3.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s msxml.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s scrrun.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s vbscript.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s jscript.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - browseui.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - shdocvw.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - mshtml.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - urlmon.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s dssenh.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s qmgr.dll (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c net stop BITS
- '%WINDIR%\syswow64\regsvr32.exe' /s oleaut32.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s oleaut32.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s cryptdlg.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s cryptdlg.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s sccbase.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s sccbase.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s ole32.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s gpkcsp.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s rsaenh.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s rsaenh.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s dssenh.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s dssenh.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wintrust.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wintrust.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s gpkcsp.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s ole32.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s shell32.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s shell32.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuweb.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wups2.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wups2.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wups.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wups.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wucltui.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wucltui.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wuaueng1.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuaueng1.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wuaueng.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuaueng.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wuapi.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s wuapi.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s initpki.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s initpki.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s softpub.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s wuweb.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s softpub.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s actxprxy.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - urlmon.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s - atl.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - atl.dll
- '%WINDIR%\syswow64\sc.exe' sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
- '%WINDIR%\syswow64\cmd.exe' /c sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
- '%WINDIR%\syswow64\sc.exe' sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
- '%WINDIR%\syswow64\regsvr32.exe' /s - urlmon.dll
- '%WINDIR%\syswow64\cmd.exe' /c sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
- '%WINDIR%\syswow64\cmd.exe' /c net stop AppIDSvc
- '%WINDIR%\syswow64\net1.exe' stop cryptsvc
- '%WINDIR%\syswow64\cmd.exe' /c net stop cryptsvc
- '%WINDIR%\syswow64\net1.exe' stop wuauserv
- '%WINDIR%\syswow64\cmd.exe' /c net stop wuauserv
- '%WINDIR%\syswow64\net1.exe' stop BITS
- '%WINDIR%\syswow64\net1.exe' stop AppIDSvc
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - mshtml.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s - mshtml.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - shdocvw.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s msxml6.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s msxml6.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s msxml3.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s msxml3.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s msxml.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s msxml.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s scrrun.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s scrrun.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s vbscript.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s vbscript.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s jscript.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s jscript.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s - browseui.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s - browseui.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s - shdocvw.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s actxprxy.dll
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /s qmgr.dll