Техническая информация
- %WINDIR%\Tasks\f.job
- %WINDIR%\Tasks\SA.DAT
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- <SYSTEM32>\sc.exe stop wscsvc
- <SYSTEM32>\sc.exe config SharedAccess start= disabled
- <SYSTEM32>\sc.exe stop SharedAccess
- <SYSTEM32>\attrib.exe +h %WINDIR%/tasks/*.*
- <SYSTEM32>\schtasks.exe /create /tn "f" /sc minute /mo 60 /ru "NT AUTHORITY\SYSTEM" /tr %WINDIR%/ff.bat
- <SYSTEM32>\chcp.com 1251
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\setup.bat" "
- <SYSTEM32>\sc.exe config schedule start= auto
- <SYSTEM32>\sc.exe config wscsvc start= disabled
- <SYSTEM32>\sc.exe start schedule
- %WINDIR%\ff.bat
- %WINDIR%\system.bin
- %TEMP%\1.tmp\setup.bat
- %WINDIR%\Tasks\f.job
- %TEMP%\1.tmp\setup.bat