Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mnmsrvc] 'Start' = '00000002'
- <SYSTEM32>\mnmsrvc.exe
- <SYSTEM32>\net1.exe stop mnmsrvc
- <SYSTEM32>\sc.exe config mnmsrvc start= auto
- <SYSTEM32>\mnmsrvc.exe
- <SYSTEM32>\net1.exe start mnmsrvc
- <SYSTEM32>\net1.exe stop cryptsvc
- <SYSTEM32>\sc.exe config cryptsvc start= disabled
- <SYSTEM32>\net.exe stop cryptsvc
- <SYSTEM32>\net.exe stop mnmsrvc
- <SYSTEM32>\sc.exe delete cryptsvc
- <SYSTEM32>\mnm.exe
- %WINDIR%\HGZCQB.EXE
- %WINDIR%\HGZCQB.EXE
- ClassName: 'Shell_TrayWnd' WindowName: ''