Техническая информация
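- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cmmon32.exe' = '%TEMP%\cmmon32.exe A' (запись автозапуска при входе пользователя в систему; имя cmmon32.exe совпадает с именем штатного компонента Windows, который находится в <SYSTEM32>, поэтому отличительным признаком здесь служит путь в %TEMP%)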
- %TEMP%\cmmon32.exe A
- <SYSTEM32>\reg.exe add "HKCU\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Run" /v cmmon32.exe /d "%TEMP%\cmmon32.exe A" /f
- <SYSTEM32>\ping.exe -10 localhost
- <SYSTEM32>\cmd.exe /c %TEMP%\361fadf1c712e812d198c4cab5712a79.cmd
- %TEMP%\361fadf1c712e812d198c4cab5712a79.cmd
- %TEMP%\cmmon32.exe
- из %TEMP%\cmmon32.exe в %TEMP%\cmmon32.exe (операция над файлом «из … в …»; в отчёте исходный и конечный пути совпадают)
- ClassName: 'Indicator' WindowName: ''