Техническая информация
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "HideFastUserSwitching" /t REG_DWORD /d "1" /f
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp6925.vbs"
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableLockWorkstation" /t REG_DWORD /d "1" /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\ѓXѓ^Ѓ[ѓgѓЃѓjѓ…Ѓ[“dЊ№‘ЂЌм‹ЦЋ~.bat" "
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d "1" /f
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- %TEMP%\tmp6925.vbs
- %TEMP%\1.tmp\ѓXѓ^Ѓ[ѓgѓЃѓjѓ…Ѓ[“dЊ№‘ЂЌм‹ЦЋ~.bat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'