Техническая информация
- %TEMP%\mssgrmlpac.exe
- %APPDATA%\ch.metrics.bin
- DNS ASK cr####eportcdn.com
- '%TEMP%\mssgrmlpac.exe'
- '<SYSTEM32>\cmd.exe' /c "start %TEMP%\MsSgrmLpac.exe"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -ExecutionPolicy Bypass -Command "Get-Culture | select -exp Name"
- '<SYSTEM32>\cmd.exe' /c ver