Техническая информация
- %WINDIR%\Tasks\SA.DAT
- '<SYSTEM32>\sc.exe' query schedule
- '<SYSTEM32>\cmd.exe' /c sc stop schedule
- '<SYSTEM32>\sc.exe' stop schedule
- '%WINDIR%\winsystem\winservice.exe'
- '<SYSTEM32>\cmd.exe' /c mode con cp select=437&sc query schedule
- '<SYSTEM32>\mode.com' con cp select=437
- %TEMP%\~DFD2B8.tmp
- %WINDIR%\winsystem\winservice.exe
- %TEMP%\~DF7720.tmp
- %WINDIR%\winsystem\winservice.exe
- %TEMP%\~DF7720.tmp