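Техническая информация (подзаголовки групп в этом фрагменте отсутствуют; ниже перечислены команды, пути к файлам и параметры окон)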
- '%WINDIR%\syswow64\taskkill.exe' /f /im Unpack.exe (принудительное завершение процесса по имени образа Unpack.exe)
- C:\users\rmsbyn08i40k.rar
- C:\users\startgm.vbs
- C:\users\unpack.exe
- C:\users\pause.bat
- nul
- C:\users\startgm.vbs
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\startgm.vbs"
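- 'C:\users\unpack.exe' -p goleg rmsbyN08I40K.rar (судя по аргументам, распаковка архива с паролем, переданным в командной строке; по-видимому, это тот же файл, что и C:\users\rmsbyn08i40k.rar в списке выше, имя отличается только регистром букв)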
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\pause.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\pause.bat" "
- '%WINDIR%\syswow64\timeout.exe' 3
- '%WINDIR%\syswow64\chcp.com' 1251 (переключение кодовой страницы консоли на 1251, кириллица)