Техническая информация
- '<SYSTEM32>\taskkill.exe' /F /IM netsh.exe
- '<SYSTEM32>\taskkill.exe' /F /IM cmd.exe
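- '<SYSTEM32>\ftp.exe' -i -s:"%PROGRAM_FILES%\temporarycopiedfiles\temp\ftp32.txt" sitebooth.com
- '<SYSTEM32>\ftp.exe' -i -s:"%PROGRAM_FILES%\temporarycopiedfiles\temp\ftp2.txt" sitebooth.com
  (Ключ -s: заставляет ftp.exe выполнить команды из указанного текстового файла, а -i отключает интерактивные запросы при передаче нескольких файлов, то есть сеанс FTP проходит без участия пользователя. Признак для обнаружения: запуск ftp.exe с ключом -s: и файлом сценария из каталога %PROGRAM_FILES%\temporarycopiedfiles\temp.)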
- <SYSTEM32>\cmd.exe
- firefox.exe
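- %PROGRAM_FILES%\temporarycopiedfiles\[%USERNAME%]key3.db
- %PROGRAM_FILES%\temporarycopiedfiles\[%USERNAME%]secmod.db
- %PROGRAM_FILES%\temporarycopiedfiles\[%USERNAME%]cert8.db
  (key3.db, secmod.db и cert8.db — имена баз данных NSS из профиля Firefox: ключи шифрования сохранённых паролей, список модулей безопасности и сертификаты. Судя по именам и префиксу [%USERNAME%], это копии файлов профиля пользователя; при подтверждённом заражении сохранённые в браузере пароли и сертификаты стоит считать потенциально скомпрометированными и заменить.)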
- %PROGRAM_FILES%\temporarycopiedfiles\temp\ftp32.txt
- %PROGRAM_FILES%\temporarycopiedfiles\temp\ftp2.txt
- %PROGRAM_FILES%\temporarycopiedfiles\[%USERNAME%]key3.db
- %PROGRAM_FILES%\temporarycopiedfiles\[%USERNAME%]secmod.db
- %PROGRAM_FILES%\temporarycopiedfiles\[%USERNAME%]cert8.db
- %PROGRAM_FILES%\temporarycopiedfiles\temp\ftp2.txt
- %PROGRAM_FILES%\temporarycopiedfiles\temp\ftp32.txt
- 'localhost':1041
- 'localhost':1039
- 'si###ooth.com':21
- DNS ASK si###ooth.com
- ClassName: '(null)' WindowName: '(null)'