Техническая информация
Записи автозапуска в реестре (ключи Run; значение 'Recycler' указывает на ярлык C:\RECYCLER.lnk):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Recycler' = 'C:\RECYCLER.lnk'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Recycler' = 'C:\RECYCLER.lnk'
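Командные строки процессов (ftp.exe получает сценарий команд через -s: из %TEMP%\ftp.sys; attrib.exe ставит на %TEMP%\svchost.exe атрибуты «скрытый» и «системный»; rundll32.exe через Control_RunDLL загружает C:\ntp.sys как модуль панели управления, то есть файлы с расширением .sys здесь не являются драйверами):
- <SYSTEM32>\ftp.exe -s:"%TEMP%\ftp.sys" -A
- <SYSTEM32>\attrib.exe +h +s "%TEMP%\svchost.exe"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shell32.dll,Control_RunDLL "C:\ntp.sys",C:\ntp.sys
- <SYSTEM32>\cmd.exe /c "%TEMP%\ftp.cmd"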
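Пути файлов (заголовки подразделов, по-видимому, не сохранились; часть путей повторяется, поэтому по этому списку нельзя определить, какие файлы создаются, а какие удаляются):
- %TEMP%\ftp.sys
- %TEMP%\ftp.cmd
- %HOMEPATH%\Favorites\Microsoft Update.lnk
- C:\ntp.sys
- C:\RECYCLER.lnk
- C:\ntp.sys
- %TEMP%\ftp.cmd
- %TEMP%\ftp.sys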
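Сетевая активность (хост:порт и DNS-запрос; символы «#» в имени домена, по-видимому, маскируют часть имени, поэтому строку нельзя использовать как точный индикатор):
- 'wb#.#ytes.net':9696
- 'localhost':1035
- DNS ASK wb#.#ytes.net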
- ClassName: 'Indicator' WindowName: ''