Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msmgr' = '\grmsm.exe'
- <SYSTEM32>\ftp.exe -s:c:\ntsf.bnp
- C:\boot2.bin
- C:\ntsf.bnp
- <SYSTEM32>\msmgr
- 'ft#.##atisweb.com':21
- 'localhost':1036
- DNS ASK ft#.##atisweb.com
- ClassName: 'Indicator' WindowName: ''