Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wwmtrgoi] 'Startup' = 'NotifyStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wwmtrgoi] 'Dllname' = 'wwmtrgoi.dll'
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\wwmtrgoi.dll",C5F78100EBAE4D63B550CA5E8448E965
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\wwmtrgoi.dllx
- <SYSTEM32>\wwmtrgoi.dll
- %ProgramFiles%\Hotab.dll
- <SYSTEM32>\wwmtrgoi.dllx
- '20#.#26.173.106':80
- http://20#.#26.173.106/server/server/index.php