Technical Information
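- [<HKLM>\System\CurrentControlSet\Services\UxSms] 'Start' = '00000002' (start type 2 = automatic, matching the `sc.exe config UxSms start= auto` command listed below)
- [<HKLM>\System\CurrentControlSet\Services\Themes] 'Start' = '00000002' (start type 2 = automatic, matching the `sc.exe config Themes start= auto` command listed below)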
- '%WINDIR%\syswow64\net.exe' stop uxsms
- %WINDIR%\ct.bat
- nul
- '12#.#29.217.85':8013 (network address and port; the '#' characters mask part of the address in this report)
- '%WINDIR%\syswow64\reg.exe' add "HKCU\Software\Microsoft\Windows\DWM" /v Composition /t reg_dword /d 00000001 /f (with hidden window)
- '%WINDIR%\syswow64\reg.exe' add "HKCU\Software\Microsoft\Windows\DWM" /v CompositionPolicy /t reg_dword /d 00000002 /f (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\ct.bat" " (with hidden window)
- '%WINDIR%\syswow64\reg.exe' add "HKCU\Software\Microsoft\Windows\DWM" /v Composition /t reg_dword /d 00000001 /f
- '%WINDIR%\syswow64\reg.exe' add "HKCU\Software\Microsoft\Windows\DWM" /v CompositionPolicy /t reg_dword /d 00000002 /f
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\ct.bat" "
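- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 2 (loopback ping; in batch scripts this is typically used as a short delay, as are the later ping.exe entries)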
- '%WINDIR%\syswow64\sc.exe' config UxSms start= auto
- '%WINDIR%\syswow64\sc.exe' config Themes start= auto
- '%WINDIR%\syswow64\net.exe' start Themes
- '%WINDIR%\syswow64\net1.exe' start Themes
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 3
- '%WINDIR%\syswow64\net1.exe' stop uxsms
- '%WINDIR%\syswow64\net.exe' start uxsms
- '%WINDIR%\syswow64\net1.exe' start uxsms
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 5