Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\lEXPLORER.exe /a"'
- %WINDIR%\lEXPLORER.exe
- <SYSTEM32>\regsvr32.exe %WINDIR%\mswinsck.ocx /s
- <Current directory>\d31.bat
- %WINDIR%\mswinsck.ocx
- %WINDIR%\lEXPLORER.exe
- 'pe####ndaisy.com':80
- pe####ndaisy.com/upload/bbs/shopimg.jpg
- DNS ASK pe####ndaisy.com
- ClassName: 'Shell_TrayWnd' WindowName: ''