Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,"<SYSTEM32>\Wdgg\sr.exe"'
- <SYSTEM32>\Wdgg\sr.exe
- <Full path to file>
- <SYSTEM32>\Wdgg\sr.exe
- from <Full path to file> to %TEMP%\8747
- '18#.#88.206.185':80
- http://18#.#88.206.185/collaps/gate.php
- '<SYSTEM32>\Wdgg\sr.exe'