Technical Information
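- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = 'C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\wuauclt.exe' (autorun persistence: programs named in the per-user 'load' value are started at logon, so no administrator rights are needed to set it)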
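- 'C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\wuauclt.exe' (the file name matches the Windows Update client, which normally resides in <SYSTEM32>; a wuauclt.exe at this path is not the system binary)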
- '%TEMP%\~tmp.bin'
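- '<SYSTEM32>\attrib.exe' +s +a +h +r C:\$Recycle.43C09F1D.CDBC.1836.12FCC0 (marks the directory System, Archive, Hidden and Read-only, which keeps it out of default Explorer views)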
- C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\tmp.jpg
- C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\wuauclt.exe
- C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\8a8a8a.jpg
- %TEMP%\~tmp.bin
- C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\sense.nt
- %TEMP%\~tmp.bin
- C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\tmp.jpg
- C:\$Recycle.43C09F1D.CDBC.1836.12FCC0\8a8a8a.jpg
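- '<Private IP address>':80 (connection to port 80; the report gives a placeholder for a private-range address rather than the actual destination)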