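Technical Information
The entries below are, in order: service registry values, launched processes and command lines, file paths under C:\RECYCLER\bin32, network endpoints (host:port), an HTTP request, DNS queries, and window class lookups. No headings separate these groups on this page, so a path that appears more than once cannot be tied to a specific action (created, hidden, deleted) from this text alone. '#' characters in host names are masking applied in the report; the names are partial and cannot be used as exact-match indicators.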
- [<HKLM>\SYSTEM\ControlSet001\Services\Winsvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\System64] 'Start' = '00000002'
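- [<HKLM>\SYSTEM\ControlSet001\Services\System32] 'Start' = '00000002'
  (Note: a service 'Start' value of 2 is the automatic start type, so Winsvc, System64 and System32 are loaded at every boot. "System32" and "System64" here are service names registered by the sample, not the Windows directories.)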
- C:\RECYCLER\bin32\DISKINFO.EXE
- C:\RECYCLER\bin32\test.exe
- C:\RECYCLER\bin32\svchost.exe spool.dll
- C:\RECYCLER\bin32\svchost.exe
- C:\RECYCLER\bin32\uptime.exe
- C:\RECYCLER\bin32\winsvc.exe
- C:\RECYCLER\bin32\winsvc.exe /i dqr2.icm
- C:\RECYCLER\bin32\services.exe -install -name:"System64" -launch:"svchost.exe spool.dll"
- C:\RECYCLER\bin32\services.exe -install -name:"System32" -launch:"lsass.exe wm32.dll"
- C:\RECYCLER\bin32\services.exe -uninstall -name:"serv-u"
- C:\RECYCLER\bin32\services.exe /name:"System32" /start:"lsass.exe wm32.dll"
- C:\RECYCLER\bin32\services.exe /name:"System64" /start:"svchost.exe spool.dll"
- C:\RECYCLER\bin32\lsass.exe
- C:\RECYCLER\bin32\lsass.exe wm32.dll
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\dhcp
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\lsass.exe
- <SYSTEM32>\attrib.exe +H +S C:\recycler
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\pskill.exe
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\svchost.exe
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\updater.exe
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\services.exe
- <SYSTEM32>\attrib.exe +H +S C:\recycler\bin32\winsvc.exe
- <SYSTEM32>\net1.exe stop serv-u
- <SYSTEM32>\net.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"
- <SYSTEM32>\cmd.exe /c ""C:\Recycler\bin32\ins.bat" "
- <SYSTEM32>\net.exe stop serv-u
- <SYSTEM32>\net1.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"
- <SYSTEM32>\net1.exe start winsvc
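- <SYSTEM32>\sc.exe delete SharedAccess
  (Note: SharedAccess is the service name behind "Windows Firewall/Internet Connection Sharing (ICS)". The net.exe/net1.exe commands in this list stop that service; this command removes its registration, so the firewall service does not come back after a reboot.)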
- <SYSTEM32>\net1.exe start System32
- <SYSTEM32>\net1.exe start System64
- C:\RECYCLER\bin32\dqr2.icm
- C:\RECYCLER\bin32\DISKINFO.EXE
- C:\RECYCLER\bin32\hex.ocx
- C:\RECYCLER\bin32\gb.dll
- C:\RECYCLER\bin32\cygcrypt-0.dll
- C:\RECYCLER\bin32\cert.key
- C:\RECYCLER\bin32\de.bat
- C:\RECYCLER\bin32\cygwin1.dll
- C:\RECYCLER\bin32\Results.txt
- C:\RECYCLER\bin32\1
- C:\RECYCLER\bin32\uptime.txt
- C:\RECYCLER\bin32\dqr.icm
- C:\RECYCLER\bin32\a3d.hlp.tmp
- C:\RECYCLER\bin32\Drives.txt
- C:\RECYCLER\bin32\spool.ocx
- C:\RECYCLER\bin32\qe.bat
- C:\RECYCLER\bin32\PSKILL.EXE
- C:\RECYCLER\bin32\spool.dll
- C:\RECYCLER\bin32\services.exe
- C:\RECYCLER\bin32\libeay32.dll
- C:\RECYCLER\bin32\ins.bat
- C:\RECYCLER\bin32\msvcr70.dll
- C:\RECYCLER\bin32\MSVCP60.DLL
- C:\RECYCLER\bin32\wm32.dll
- C:\RECYCLER\bin32\winsvc.exe
- C:\RECYCLER\bin32\cert.crt
- C:\RECYCLER\bin32\lsass.exe
- C:\RECYCLER\bin32\svchost.exe
- C:\RECYCLER\bin32\ssleay32.dll
- C:\RECYCLER\bin32\uptime.exe
- C:\RECYCLER\bin32\test.exe
- C:\RECYCLER\bin32\winsvc.exe
- C:\RECYCLER\bin32\svchost.exe
- C:\RECYCLER\bin32\services.exe
- C:\RECYCLER\bin32\lsass.exe
- C:\RECYCLER\bin32\PSKILL.EXE
- C:\RECYCLER\bin32\de.bat
- 'ft#.###e.cornell.edu':21
- 'sp###.mit.edu':21
- 'a.##.uiuc.edu':21
- 'ft#.#emon.co.uk':21
- 'localhost':1057
- 'localhost':1058
- 'ir#.#izon.org':6667
- 'ts###1.mit.edu':21
- 'localhost':1073
- 'localhost':1074
- 'ir#.#uped.com':6667
- 'www.wh###smyip.com':80
- 'ft#.##ctr.uga.edu':21
- 'localhost':1069
- 'localhost':1070
- 'ft#.####ics.ohio-state.edu':21
- 'ft#.ea.com':21
- 'localhost':1045
- 'localhost':1046
- 'localhost':1041
- 'localhost':1036
- 'localhost':1037
- 'ir#.#izon.net':6667
- 'ft#.aol.com':21
- 'ft#.###tcircuits.com':21
- 'ft#.osc.edu':21
- 'ft#.#ovell.com':21
- 'ft#.##i-bayreuth.de':21
- 'ir#.#uped.com':6669
- 'ft#.##mantec.com':21
- 'ft#.##sa.uiuc.edu':21
- www.wh###smyip.com/
- DNS ASK ir#.#izon.org
- DNS ASK ft#.#emon.co.uk
- DNS ASK ft#.#ovell.com
- DNS ASK ft#.####ics.ohio-state.edu
- DNS ASK ft#.###e.cornell.edu
- DNS ASK ts###1.mit.edu
- DNS ASK ft#.##ctr.uga.edu
- DNS ASK sp###.mit.edu
- DNS ASK a.##.uiuc.edu
- DNS ASK www.wh###smyip.com
- DNS ASK ft#.ea.com
- DNS ASK ft#.aol.com
- DNS ASK ft#.osc.edu
- DNS ASK ir#.#izon.net
- DNS ASK ir#.#uped.com
- DNS ASK ft#.##i-bayreuth.de
- DNS ASK ft#.###tcircuits.com
- DNS ASK ft#.##mantec.com
- DNS ASK ft#.##sa.uiuc.edu
- 'localhost':1038
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''