Техническая информация
Запись автозапуска в реестре (ключ RunOnce):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'cleanup' = 'C:\cleanup.bat'
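Пути файлов (часть путей ниже указана дважды; по-видимому, заголовки разделов, разделявшие эти списки, в тексте не сохранились):
- C:\cleanup.bat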
- %TEMP%\0203destroy.bat
- %TEMP%\destroy_done.txt
- %TEMP%\aut1.tmp
- %TEMP%\msgbox.exe
- %TEMP%\aut2.tmp
- %TEMP%\msgbox.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
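Командные строки процессов (net.exe штатно запускает net1.exe, поэтому две строки с «user _DM_User /active:no», скорее всего, соответствуют одному действию — отключению учётной записи _DM_User):
- '%TEMP%\msgbox.exe'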
- '<SYSTEM32>\net1.exe' user _DM_User /active:no
- '<SYSTEM32>\shutdown.exe' /s /f /t 15
- '<SYSTEM32>\net.exe' user _DM_User /active:no
- '<SYSTEM32>\cmd.exe' /c %TEMP%\0203destroy.bat
- '<SYSTEM32>\ping.exe' /r 5 127.0.0.1