Trojan.MulDrop17.65242

Technical Information

Malicious functions

To complicate detection of its presence in the operating system,

blocks the following features:

User Account Control (UAC)

Modifies settings of Windows Internet Explorer

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1001' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1A00' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1803' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1608' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1607' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1405' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1400' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1201' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1200' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1004' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1001' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '2201' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '2200' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1A00' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1803' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1608' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1607' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1405' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1406' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1400' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1201' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1200' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1004' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '2200' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '2201' = '00000000'

Modifies file system

Creates the following files

C:\temp\allconfignoui_fornewpc_2.0_20200307\allconfignoui.exe
nul
%WINDIR%\setdefualtie11_v2.1.exe
%WINDIR%\defualtie11.xml
%TEMP%\nswb50d.tmp\nsexec.dll
%TEMP%\ieconfig_only\{bc572c55-eb43-4301-9ef3-39888fae6dd3}\ieconfig.bat
%TEMP%\nswb50d.tmp\system.dll
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\readme.txt
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\office2013config.bat
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\office2013active.bat
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\activated_bdd.bat
%WINDIR%\wlansvc\policies\refusewifiv1.1.exe
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\wificonfig.exe
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\setdefualtie11.exe
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\officetemplet_2013_noui.exe
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\ieconfig_only_20180411.exe
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\disablehuawei_employee_v2.0.exe
C:\temp\allconfignoui_fornewpc_2.0_20200307\task_config.xml
C:\temp\allconfignoui_fornewpc_2.0_20200307\readme.txt
C:\temp\allconfignoui_fornewpc_2.0_20200307\msvcr110.dll
C:\temp\allconfignoui_fornewpc_2.0_20200307\msvcp110.dll
C:\temp\allconfignoui_fornewpc_2.0_20200307\update.txt
C:\temp\allconfignoui_fornewpc_2.0_20200307\allconfignoui__.txt
C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\systemconfig.bat
%WINDIR%\wlansvc\policies\pol99f.tmp

Deletes the following files

%TEMP%\ieconfig_only\{bc572c55-eb43-4301-9ef3-39888fae6dd3}\ieconfig.bat
%TEMP%\nswb50d.tmp\nsexec.dll
%TEMP%\nswb50d.tmp\system.dll
%WINDIR%\defualtie11.xml
%WINDIR%\wlansvc\policies\refusewifiv1.1.exe

Miscellaneous

Creates and executes the following

'C:\temp\allconfignoui_fornewpc_2.0_20200307\allconfignoui.exe'
'%WINDIR%\wlansvc\policies\refusewifiv1.1.exe'
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\ieconfig_only_20180411.exe'
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\disablehuawei_employee_v2.0.exe'
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\setdefualtie11.exe'
'%WINDIR%\setdefualtie11_v2.1.exe'
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\wificonfig.exe'
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\office2013Active.bat"' (with hidden window)
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\disablehuawei_employee_v2.0.exe' ' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' wlan delete profile name="Huawei-Employee"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETDCVALUEINDEX a1841308-3541-4fab-bc81-f71556f20b4a 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETACVALUEINDEX a1841308-3541-4fab-bc81-f71556f20b4a 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETDCVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0' (with hidden window)
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\wificonfig.exe' ' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' wlan set hostednetwork mode=disallow' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' wlan stop hostednetwork' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\SystemConfig.bat"' (with hidden window)
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\setdefualtie11.exe' ' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\IEConfig_only\{BC572C55-EB43-4301-9EF3-39888FAE6DD3}\IEConfig.bat' (with hidden window)
'C:\temp\allconfignoui_fornewpc_2.0_20200307\tool\ieconfig_only_20180411.exe' ' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' <SYSTEM32>\wbem\wmic.exe computersystem get model' (with hidden window)
'%WINDIR%\syswow64\setx.exe' /M Path "%SystemRoot%;<SYSTEM32>;<SYSTEM32>\Wbem;<SYSTEM32>\WindowsPowerShell\v1.0;%WINDIR%;<SYSTEM32>;<SYSTEM32>\Wbem;<SYSTEM32>\WindowsPowerShell\v1.0;%ALLUSERSPROFILE%\Oracle\Java\javapath;<...' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\office2013Config.bat"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\activated_BDD.bat"' (with hidden window)

Executes the following

'%WINDIR%\syswow64\setx.exe' /M Path "%SystemRoot%;<SYSTEM32>;<SYSTEM32>\Wbem;<SYSTEM32>\WindowsPowerShell\v1.0;%WINDIR%;<SYSTEM32>;<SYSTEM32>\Wbem;<SYSTEM32>\WindowsPowerShell\v1.0;%ALLUSERSPROFILE%\Oracle\Java\javapath;<...
'%WINDIR%\syswow64\powercfg.exe' -SETACVALUEINDEX a1841308-3541-4fab-bc81-f71556f20b4a 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETDCVALUEINDEX a1841308-3541-4fab-bc81-f71556f20b4a 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\powercfg.exe' -SETDCVALUEINDEX a1841308-3541-4fab-bc81-f71556f20b4a 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\netsh.exe' wlan delete profile name="Huawei-Employee"
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\office2013Active.bat"
'%WINDIR%\syswow64\reg.exe' ADD "HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins\OscAddin.Connect" /v LoadBehavior /t REG_DWORD /d 00000002 /f
'%WINDIR%\syswow64\cmd.exe' /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot" /v "Path" /reg:64 | find /i "reg_sz"
'%WINDIR%\syswow64\cmd.exe' /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot" /v "Path" /reg:32 | find /i "reg_sz"
'%WINDIR%\syswow64\reg.exe' query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot" /v "Path" /reg:32
'%WINDIR%\syswow64\net.exe' start sppsvc
'%WINDIR%\syswow64\net1.exe' start sppsvc
'%WINDIR%\syswow64\net.exe' start osppsvc
'%WINDIR%\syswow64\net1.exe' start osppsvc
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\reg.exe' query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot" /v "Path" /reg:64
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETACVALUEINDEX a1841308-3541-4fab-bc81-f71556f20b4a 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\powercfg.exe' -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\powercfg.exe' -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\find.exe' /i "reg_sz"
'%WINDIR%\syswow64\powercfg.exe' -setdcvalueindex scheme_current SUB_PROCESSOR PROCTHROTTLEMIN 100
'%WINDIR%\syswow64\powercfg.exe' -setacvalueindex scheme_current SUB_PROCESSOR PROCTHROTTLEMIN 100
'%WINDIR%\syswow64\reg.exe' ADD "HKLM\Software\Microsoft\Office\Outlook\Addins\OneNote.OutlookAddin" /v LoadBehavior /t REG_DWORD /d 00000002 /f
'%WINDIR%\syswow64\reg.exe' ADD "HKLM\Software\Microsoft\Office\Outlook\Addins\OscAddin.Connect" /v LoadBehavior /t REG_DWORD /d 00000002 /f
'%WINDIR%\syswow64\timeout.exe' 1
'%WINDIR%\syswow64\reg.exe' ADD "HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins\OneNote.OutlookAddin" /v LoadBehavior /t REG_DWORD /d 00000002 /f
'%WINDIR%\syswow64\powercfg.exe' -setdcvalueindex scheme_current SUB_VIDEO 8ec4b3a5-6868-48c2-be75-4f3044be88a7 300
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v PreventIndexingEmailAttachments /t REG_DWORD /d 00000001 /f
'%WINDIR%\syswow64\net1.exe' user administrator /active:no
'%WINDIR%\syswow64\netsh.exe' wlan stop hostednetwork
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\powercfg.exe' -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\cmd.exe' /C POWERCFG -SETDCVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\cmd.exe' /c reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS" /v "SystemProductName" /reg:64 | find /i "reg_sz"
'%WINDIR%\syswow64\powercfg.exe' -SETDCVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
'%WINDIR%\syswow64\net.exe' user administrator /active:no
'%WINDIR%\syswow64\reg.exe' query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS" /v "SystemProductName" /reg:64
'%WINDIR%\syswow64\cscript.exe' //B null /inpkey:YC7DK-G2NP3-2QQC3-J6H88-GVGXT
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\office2013Config.bat"
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\OscAddin.Connect" /v LoadBehavior /t reg_dword /d "2" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Outlook\Addins\OneNote.OutlookAddin" /v LoadBehavior /t reg_dword /d "2" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Outlook\Addins\OscAddin.Connect" /v PromptForAging /t reg_dword /d "2" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security" /v Level1Remove /t reg_sz /d ".exe;.msi;.REG;.bat;.vb;.vbs;.chm;.com;.inf" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "AllowHTMLCalendarContent" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook\Preferences" /v PromptForAging /t reg_dword /d "0" /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\SignIn" /v SignInOptions /t REG_DWORD /d 00000003 /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet" /v UseOnlineContent /t REG_DWORD /d 00000001 /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\FirstRun" /v BootedRTM /t REG_DWORD /d 00000001 /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\FirstRun" /v DisableMovie /t REG_DWORD /d 00000001 /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\General" /v shownFirstRunOptin /t REG_DWORD /d 00000001 /f /reg:64
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\activated_BDD.bat"
'%WINDIR%\syswow64\cmd.exe' /c wmic path softwarelicensingservice get OA3xOriginalProductKey | find /i "-"
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Graphics" /v DisableHardwareAcceleration /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\OneNote.OutlookAddin" /v LoadBehavior /t reg_dword /d "2" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector" /v Runosc /t reg_dword /d "0" /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\PowerPoint\Options" /v "UseMonMgr" /t REG_DWORD /d 00000000 /f
'%WINDIR%\syswow64\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main" /v TabProcGrowth /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\PowerPoint\Security\ProtectedView" /v "DisableUnsafeLocationsInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\PowerPoint\Security\ProtectedView" /v "DisableInternetFilesInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\PowerPoint\Security\ProtectedView" /v "DisableAttachmentsInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\ProtectedView" /v "DisableUnsafeLocationsInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\ProtectedView" /v "DisableInternetFilesInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\cscript.exe' //B null /sethst:szxkms03-nt.huawei.com
'%WINDIR%\syswow64\cscript.exe' //B null /act
'%WINDIR%\syswow64\cscript.exe' //B null /setprt:1688
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\ProtectedView" /v "DisableAttachmentsInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences" /v ShowBcc /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences" /v ArchiveIgnoreLastModifiedTime /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences" /v ABQueryMode /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook" /v DisableAntispam /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Policies\Microsoft\Office\15.0\Common" /v "default ui theme" /t REG_DWORD /d 00000002 /f
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Excel\Security\ProtectedView" /v "DisableUnsafeLocationsInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Excel\Security\ProtectedView" /v "DisableInternetFilesInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Excel\Security\ProtectedView" /v "DisableAttachmentsInPV" /t reg_dword /d "1" /f /reg:64
'%WINDIR%\syswow64\powercfg.exe' -setacvalueindex scheme_current SUB_VIDEO 8ec4b3a5-6868-48c2-be75-4f3044be88a7 1800
'%WINDIR%\syswow64\schtasks.exe' /change /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /Enable
'%WINDIR%\syswow64\powercfg.exe' -setacvalueindex scheme_current sub_none connectivityinstandby 0
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1A00" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "2200" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "2201" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1001" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1004" /t REG_DWORD /d 0X1 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1200" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1A00" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1201" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1406" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1405" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1607" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1608" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1609" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1608" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1607" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1803" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1405" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1406" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\cmd.exe' <SYSTEM32>\wbem\wmic.exe computersystem get model
'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\IEConfig_only\{BC572C55-EB43-4301-9EF3-39888FAE6DD3}\IEConfig.bat
'%WINDIR%\syswow64\reg.exe' delete HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263} /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete HKEY_CLASSES_ROOT\CLSID\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete HKEY_CLASSES_ROOT\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263} /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1803" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /V "%ProgramFiles(x86)%\Internet Explorer\iexplore.exe" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1400" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter" /V "EnabledV9" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1001" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1004" /t REG_DWORD /d 0X1 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1200" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1201" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1400" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /V "%ProgramFiles%\Internet Explorer\iexplore.exe" /f /reg:64
'%WINDIR%\syswow64\wbem\wmic.exe' computersystem get model
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter" /V "EnabledV8" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1609" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "2200" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config" /v "minRSAPubKeyBitLength" /t reg_dword /d 0x400 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UI0Detect" /v "Start" /t reg_dword /d 4 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VPNInstallManager" /v "Start" /t reg_dword /d 4 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS /v start /t reg_dword /d 4 /f /reg:64
'%WINDIR%\syswow64\powercfg.exe' -setacvalueindex scheme_current sub_sleep 7bc4a2f9-d8fc-4469-b07b-33eb785aaca0 0
'%WINDIR%\syswow64\powercfg.exe' -setdcvalueindex scheme_current sub_sleep 7bc4a2f9-d8fc-4469-b07b-33eb785aaca0 0
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "SMB1" /t reg_dword /d 0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "2201" /t REG_DWORD /d 0X0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config" /v "EnableWeakSignatureFlags" /t reg_dword /d 0x2 /f /reg:64
'%WINDIR%\syswow64\netsh.exe' wlan set hostednetwork mode=disallow
'%WINDIR%\syswow64\reg.exe' delete HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v ConnectionCenter /f
'%WINDIR%\syswow64\reg.exe' delete HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v Redirector /f
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing" /v RepairContentServerSource /t REG_DWORD /d 0x2 /f
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker" /v PreventDeviceEncryption /t REG_DWORD /d 00000001 /f
'%WINDIR%\syswow64\powercfg.exe' -setdcvalueindex scheme_current sub_none connectivityinstandby 0
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power" /v "PowerThrottlingOff" /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v DODownloadMode /t REG_DWORD /d 00000000 /f
'%WINDIR%\syswow64\reg.exe' delete HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v cloudclient /f
'%WINDIR%\syswow64\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity" /v EnableADAL /t REG_DWORD /d 00000000 /f /reg:64
'%WINDIR%\syswow64\wbem\wmic.exe' path softwarelicensingservice get OA3xOriginalProductKey
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /V "Display Inline Images" /t REG_SZ /d "yes" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\FTP" /V "Use Web Based FTP" /t REG_SZ /d "no" /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /V CertificateRevocation /t REG_DWORD /d 0x0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /V HideNewEdgeButton /t REG_DWORD /d 0x1 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /V EnableNegotiate /t REG_DWORD /d 0x1 /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_CURRENT_USER\software\Policies\Microsoft\Internet Explorer\Main" /v TabProcGrowth /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorUser" /t reg_dword /d 3 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_LOCAL_MACHINE\software\Policies\Microsoft\Internet Explorer\Main" /v TabProcGrowth /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main" /v TabProcGrowth /f /reg:64
'%WINDIR%\syswow64\cmd.exe' /c "C:\temp\AllConfigNoUI_ForNewPC_2.0_20200307\Tool\SystemConfig.bat"
'%WINDIR%\syswow64\cmd.exe' /S /D /c" ver "
'%WINDIR%\syswow64\find.exe' "6.1."
'%WINDIR%\syswow64\find.exe' "10.0."
'%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /f /reg:64
'%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows" /V PopupMgr /t REG_SZ /d "NO" /f /reg:64
'%WINDIR%\syswow64\reg.exe' delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main" /v TabProcGrowth /f /reg:64
'%WINDIR%\syswow64\find.exe' /i "-"

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней