Техническая информация
- '<SYSTEM32>\wbem\wmic.exe' process call create "cmstp /ns /s /su %APPDATA%\Microsoft\2684.inf"
- %APPDATA%\microsoft\2684.inf
- %WINDIR%\temp\old3cbf.tmp
- %WINDIR%\security\logs\scecomp.log
- %APPDATA%\microsoft\network\connections\cm\ .cmp
- %APPDATA%\microsoft\2684.inf
- %WINDIR%\temp\old3cbf.tmp
- http://pa###bin.com/raw/cH2m9k2Y
- http://pa###bin.com/cH2m9k2Y
- DNS ASK pa###bin.com
- '<SYSTEM32>\cmstp.exe' /ns /s /su %APPDATA%\Microsoft\2684.inf