Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Windows Subsys' = '"<SYSTEM32>\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Subsys' = '"<SYSTEM32>\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32'
- <SYSTEM32>\winload.exe rundll32.dll,loadsubsys,loadwin32,loadsys,win32
- <SYSTEM32>\winload.exe
- 'lo##.##eesubdomains.net':6667
- DNS ASK lo##.##eesubdomains.net