Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\kernel.exe'
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\shell64[1].dll
- <SYSTEM32>\shell64.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lsass32[1].dll
- <SYSTEM32>\lsass32.dll
- 'www.15##wg.cn':80
- 'localhost':1035
- www.15##wg.cn/shell64.dll
- www.15##wg.cn/lsass32.dll
- DNS ASK www.15##wg.cn