Техническая информация
- <SYSTEM32>\tasks\limerat-admin
- %TEMP%\new-client.exe
- %TEMP%\setup-arksmartbreeding-0.42.1.0.exe
- %TEMP%\is-e3h32.tmp\setup-arksmartbreeding-0.42.1.0.tmp
- %APPDATA%\windows update\wservices.exe
- %TEMP%\new-client.exe
- %TEMP%\setup-arksmartbreeding-0.42.1.0.exe
- '19#.#61.193.99':23029
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- '%TEMP%\new-client.exe'
- '%TEMP%\setup-arksmartbreeding-0.42.1.0.exe'
- '%TEMP%\is-e3h32.tmp\setup-arksmartbreeding-0.42.1.0.tmp' /SL5="$170214,1462902,121344,%TEMP%\setup-ArkSmartBreeding-0.42.1.0.exe"
- '%APPDATA%\windows update\wservices.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%APPDATA%\Windows Update\Wservices.exe'"' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%APPDATA%\Windows Update\Wservices.exe'"