Техническая информация
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключается для стандартного профиля)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (исключения брандмауэра остаются разрешёнными)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- %TEMP%\preventchangedesktop.bat
- %TEMP%\rsw.exe
- %TEMP%\exten.rsw
- %TEMP%\msg.rsw
- %TEMP%\msgtxt.rsw
- %TEMP%\wallet.rsw
- %TEMP%\desktop.vbs
- %TEMP%\t.vbs
- %TEMP%\task.vbs
- %TEMP%\windowdefender.vbs
- %TEMP%\img.jpg
- %TEMP%\img1.jpg
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rsw.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\desktop.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\task.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\windowdefender.vbs"
- '<SYSTEM32>\cmd.exe' /cwscript.exe t.vbs preventchangedesktop.bat (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /cnetsh firewall set opmode disable (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\preventchangedesktop.bat" " (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /cwscript.exe t.vbs preventchangedesktop.bat
- '<SYSTEM32>\cmd.exe' /cnetsh firewall set opmode disable
- '<SYSTEM32>\wscript.exe' t.vbs preventchangedesktop.bat
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\preventchangedesktop.bat" "
- '<SYSTEM32>\rundll32.exe' user32.dll,UpdatePerUserSystemParameters
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_DWORD /d 1 /f (политика, запрещающая пользователю менять обои рабочего стола)