Техническая информация
- %WINDIR%\tasks\schedule.exe
- %WINDIR%\tasks\清理垃圾.job
- %TEMP%\bt2804.bat
- %TEMP%\bt2804.bat
- %WINDIR%\tasks\schedule.exe
- %TEMP%\bt2804.bat
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\tasks\schedule.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\bt2804.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\bt2804.bat
- '%WINDIR%\syswow64\reg.exe' delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe" /f (удаляет раздел реестра Image File Execution Options для sc.exe)
- '%WINDIR%\syswow64\sc.exe' config Schedule start= AUTO
- '%WINDIR%\syswow64\net.exe' start Schedule
- '%WINDIR%\syswow64\net1.exe' start Schedule