Technical Information
- '<SYSTEM32>\taskkill.exe' /F /im dwm.exe
- '<SYSTEM32>\taskkill.exe' /F /im dmw.exe
- %TEMP%\RarSFX0\dwm.bat
- %TEMP%\RarSFX0\dwmstarter.bat
- %TEMP%\RarSFX0\invisible.vbs
- %TEMP%\RarSFX0\dwm.bat
- %TEMP%\RarSFX0\dwmstarter.bat
- %TEMP%\RarSFX0\invisible.vbs
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\dwmstarter.bat" "
- '<SYSTEM32>\wscript.exe' "invisible.vbs" "Dwm.bat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\Dwm.bat" "