Technical Information
- [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Full path to file>\HShieldBypass.exe /Stealth'
- 'go###e.com.ph':80
- 'go###e.com.ph':443
- 'pk#.goog':80
- http://www.go###e.com.ph/
- http://pk#.goog/gsr1/gsr1.crt
- DNS ASK go###e.com.ph
- DNS ASK pk#.goog