Техническая информация
- %WINDIR%\Tasks\f4.job
- %WINDIR%\Tasks\SA.DAT
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- <SYSTEM32>\sc.exe stop wscsvc
- <SYSTEM32>\sc.exe config SharedAccess start= disabled
- <SYSTEM32>\sc.exe stop SharedAccess
- <SYSTEM32>\attrib.exe +h %WINDIR%/tasks/*.*
- <SYSTEM32>\schtasks.exe /create /tn "f4" /sc minute /mo 60 /ru "NT AUTHORITY\SYSTEM" /tr %WINDIR%/ff4.bat
- <SYSTEM32>\chcp.com 1251
- <SYSTEM32>\cmd.exe /c setup.bat
- <SYSTEM32>\sc.exe config schedule start= auto
- <SYSTEM32>\sc.exe config wscsvc start= disabled
- <SYSTEM32>\sc.exe start schedule
- %WINDIR%\system4.bin
- %WINDIR%\ff4.bat
- %TEMP%\setup.bat
- %TEMP%\nsn2.tmp\ExecDos.dll
- %WINDIR%\Tasks\f4.job
- %TEMP%\nsn2.tmp\ExecDos.dll