Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, weros.exe'
- %ALLUSERSPROFILE%\Application Data\systemskeys.ini
- %WINDIR%\weros.exe
- 'dr###pwn.org':80
- http://dr###pwn.org/walking/
- DNS ASK dr###pwn.org
- ClassName: '' WindowName: 'Internet Explorer'
- ClassName: '' WindowName: 'Windows Internet Explorer'
- '<Full path to file>'