Technical Information
- [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Sub\Client.exe'
- %WINDIR%\sub\client.exe
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- 'pa###bin.com':443
- 'pk#.goog':80
- 'ja######ract.gl.at.ply.gg':24403
- 'ic###azip.com':80
- http://pk#.goog/gsr1/gsr1.crt
- http://ic###azip.com/
- DNS ASK pa###bin.com
- DNS ASK pk#.goog
- DNS ASK ja######ract.gl.at.ply.gg
- DNS ASK ic###azip.com