Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002'
- System File Checker (SFC)
- <SYSTEM32>\net1.exe stop AppMgmt
- <SYSTEM32>\net.exe stop AppMgmt
- <SYSTEM32>\wscript.exe "%WINDIR%\QQ.vbs"
- <SYSTEM32>\net1.exe start AppMgmt
- <SYSTEM32>\net1.exe stop Cryptsvc
- <SYSTEM32>\sc.exe config Cryptsvc start= DISABLED
- %WINDIR%\regedit.exe /s %WINDIR%\yju.reg
- <SYSTEM32>\net.exe stop Cryptsvc
- <SYSTEM32>\sc.exe config AppMgmt start= AUTO
- %WINDIR%\QQ.vbs
- %WINDIR%\yju.reg
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- <SYSTEM32>\appmgmts.dll
- %WINDIR%\yju.reg
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''