Technical Information
- '<SYSTEM32>\wbem\wmic.exe' process call create "cmstp /ns /s /su %APPDATA%\Microsoft\9105.inf"
- %APPDATA%\microsoft\9105.inf
- %WINDIR%\temp\oldda3a.tmp
- %WINDIR%\security\logs\scecomp.log
- %APPDATA%\microsoft\network\connections\cm\ .cmp
- %APPDATA%\microsoft\9105.inf
- %WINDIR%\temp\oldda3a.tmp
- http://18.##8.235.155/net.mtt
- '<SYSTEM32>\cmstp.exe' /ns /s /su %APPDATA%\Microsoft\9105.inf