Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '希的顾太望.exe' = '%TEMP%\希的顾太望.exe'
- <SYSTEM32>\tasks\limerat-admin
- lmao.exe
- %TEMP%\希的顾太望.exe
- %TEMP%\asdasd\lmao.exe
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt
- DNS-запрос (DNS ASK): pa###bin.com (часть имени домена скрыта символами ### в самом отчёте)
- '%TEMP%\希的顾太望.exe'
- '%TEMP%\asdasd\lmao.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%TEMP%\asdasd\lmao.exe'" (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%TEMP%\asdasd\lmao.exe'"