Modifies WinLogon for persistence

UAC bypass

Blocks application from running via registry modification

Adds application to list of disallowed applications.

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Disables use of System Restore points

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection