Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\wbt32] 'Start' = '00000002'
- <SYSTEM32>\wnh.exe
- C:\Documents and Settings\LocalService\Local Settings\Application Data\sLT.exf
- <SYSTEM32>\wnh.exe
- 'an##off.ru':80
- an##off.ru/antihack/?id#################################
- DNS ASK an##off.ru
- '<Private IP address>':1035