Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,"<SYSTEM32>\clientmon.exe"'
- <SYSTEM32>\clientmon.exe
- C:\118232\regidit.exe
- C:\74ac10f99347872a91c6a902f8d47d2227b7b59c
- 'di######erte666.duckdns.org':4112
- DNS ASK di######erte666.duckdns.org
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Window" /rl highest /tr "'\118232\regidit.exe' /startup" /f