Technical Information
Registry modifications (persistence through the Winlogon shell value; the malware is appended to the comma-separated list after explorer.exe so both start at logon):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, "%PROGRAMDATA%\dd7b520272f8c6b62b70\gennt.exe"'
Files:
- %WINDIR%\syswow64\secinit.exe
- %PROGRAMDATA%\dd7b520272f8c6b62b70\gennt.exe
Network connections:
- '13#.#62.125.233':443
Process creation:
- '%PROGRAMDATA%\dd7b520272f8c6b62b70\gennt.exe' "<Full path to file>" ensgJJ
- '%PROGRAMDATA%\dd7b520272f8c6b62b70\gennt.exe' "<Full path to file>" ensgJJ (with hidden window)
- '%WINDIR%\syswow64\secinit.exe'
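Winlogon reads the 'Shell' value as a comma-separated list and launches every entry when the user logs on; the default, a bare explorer.exe, lives under HKLM, and a 'Shell' value under HKCU overrides it for that one user, which is why a per-user override that names anything besides explorer.exe is a strong persistence signal. The PowerShell below is an added example written for this page, not code from the original report: it lists non-default Shell entries from HKCU and HKLM, expands and checks the paths they point to, looks for a running process started from those paths, and offers a -WhatIf-capable removal of the HKCU override (deleting it restores the HKLM default). The only page-derived input is the gennt.exe indicator path; the function names and the $IndicatorPaths list are the editor's own. It inspects HKCU for the current user only; other profiles need their NTUSER.DAT hives loaded or the check run in their context.

```powershell
# Added example (not from the original page): audit and clean up the Winlogon
# 'Shell' persistence described in the indicators above.

$WinlogonKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Indicator path taken from the list above; extend with your own artefacts.
$IndicatorPaths = @(
    '%PROGRAMDATA%\dd7b520272f8c6b62b70\gennt.exe'
)

function Get-WinlogonShellEntries {
    # Returns one object per Shell entry that is not a plain explorer.exe.
    param([string[]]$Keys = $WinlogonKeys)

    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
        if ([string]::IsNullOrWhiteSpace($shell)) { continue }

        # Winlogon starts every comma-separated entry; strip quotes and spaces.
        $entries = $shell -split ',' |
            ForEach-Object { $_.Trim().Trim('"') } |
            Where-Object { $_ }

        foreach ($entry in $entries) {
            if ($entry -ieq 'explorer.exe') { continue }
            $expanded = [Environment]::ExpandEnvironmentVariables($entry)
            [pscustomobject]@{
                Key      = $key
                RawValue = $shell
                Entry    = $entry
                Expanded = $expanded
                OnDisk   = Test-Path -LiteralPath $expanded
            }
        }
    }
}

function Test-IndicatorArtifacts {
    # Checks the known dropped paths and any path named in a Shell override,
    # and reports whether a process is currently running from each.
    param([string[]]$Paths = $IndicatorPaths)

    $candidates = @($Paths) + @(Get-WinlogonShellEntries | ForEach-Object { $_.Entry })
    $running = Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path }

    foreach ($p in ($candidates | Sort-Object -Unique)) {
        $full = [Environment]::ExpandEnvironmentVariables($p)
        $procs = $running | Where-Object { $_.Path -ieq $full }
        [pscustomobject]@{
            Path     = $full
            OnDisk   = Test-Path -LiteralPath $full
            Running  = [bool]$procs
            PIDs     = ($procs | ForEach-Object { $_.Id }) -join ','
        }
    }
}

function Remove-WinlogonShellOverride {
    # Deleting the per-user value makes Winlogon fall back to the HKLM default.
    # Run with -WhatIf first; kill and quarantine the referenced binary separately.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon')

    $shell = (Get-ItemProperty -Path $Key -Name Shell -ErrorAction SilentlyContinue).Shell
    if (-not $shell) { Write-Verbose "No Shell override under $Key"; return }
    if ($PSCmdlet.ShouldProcess("$Key\Shell = '$shell'", 'Remove per-user Shell override')) {
        Remove-ItemProperty -Path $Key -Name Shell
    }
}

# Usage:
Get-WinlogonShellEntries | Format-Table -AutoSize
Test-IndicatorArtifacts  | Format-Table -AutoSize
# Remove-WinlogonShellOverride -WhatIf
```

Note that an HKLM Shell value other than explorer.exe is also abnormal, but the removal helper deliberately targets only HKCU; on a machine-wide override, set the HKLM value back to explorer.exe explicitly rather than deleting it.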