Technical Information
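- Autorun entry (launched at user logon; the target is named svchost.exe but sits outside <SYSTEM32>): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '360k' = '"%ALLUSERSPROFILE%\Application Data\sso\svchost.exe"'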
- <SYSTEM32>\msiexec.exe
- %TEMP%\pnipcn.dll
- %TEMP%\pnipcn.dll.url
- %TEMP%\ssonsvr.exe
- %ALLUSERSPROFILE%\Application Data\sso\config.ini
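- <Full path to file> (placeholder; apparently the analysed sample's own path, which the `del /q` command line below also targets)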
- from %TEMP%\ssonsvr.exe to %ALLUSERSPROFILE%\Application Data\sso\svchost.exe
- from %TEMP%\pnipcn.dll to %ALLUSERSPROFILE%\Application Data\sso\pnipcn.dll
- from %TEMP%\pnipcn.dll.url to %ALLUSERSPROFILE%\Application Data\sso\pnipcn.dll.url
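- Network endpoint: 'localhost':443 (loopback; matches the `127.0.0.1 443` arguments on the msiexec.exe command line below)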
- '%TEMP%\ssonsvr.exe'
- '<SYSTEM32>\cmd.exe' /c del /q <Full path to file>
- '<SYSTEM32>\msiexec.exe' 127.0.0.1 443 1