Technical Information
- '<SYSTEM32>\wbem\wmic.exe' process call create "cmstp /ns /s /su %APPDATA%\Microsoft\15730.inf"
- %APPDATA%\microsoft\15730.inf
- %WINDIR%\temp\old894b.tmp
- %WINDIR%\security\logs\scecomp.log
- %APPDATA%\microsoft\network\connections\cm\ .cmp
- %APPDATA%\microsoft\15730.inf
- %WINDIR%\temp\old894b.tmp
- http://dd#######mb9i.cloudfront.net/pwa.bns
- DNS ASK dd#######mb9i.cloudfront.net
- '<SYSTEM32>\cmstp.exe' /ns /s /su %APPDATA%\Microsoft\15730.inf