Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%WINDIR%\winrun.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\winlogin.exe'
- %WINDIR%\winrun.exe
- <SYSTEM32>\winlogin.exe
- 'www.th#####nitijumper.com':80
- 'ho#####jesydomains.com':80
- www.th#####nitijumper.com/files/directory/htdacces
- ho#####jesydomains.com/email/directory/archivos/htdacces
- DNS ASK www.th#####nitijumper.com
- DNS ASK ho#####jesydomains.com
- '<Private IP address>':1038