Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogons' = '\winlogons\winlogons.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogons' = '%APPDATA%\winlogons\winlogons.exe'
- C:\winlogons\winlogons.exe
- %APPDATA%\winlogons\winlogons.exe
- %APPDATA%\Imminent\Logs\19-04-2018
- %APPDATA%\Imminent\Path.dat
- <Full path to file>
- 'xd#####ox.no-ip.info':9450
- DNS ASK xd#####ox.no-ip.info