Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'c:\reveal\ct-80\RitSplash.exe'
- \Device\LanmanRedirector\127.0.0.1\IPC$\InitShutdown
- \Device\LanmanRedirector\127.0.0.1\PIPE\winreg
- C:\RitInstallAgent.log
- 'localhost':445
- '10.#0.10.2':80
- '10.#0.10.2':445