Technical Information
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,%TEMP%\svchost.exe'
- hidden files
- file extensions
- <DRIVERS>\tmpp.exe
- %TEMP%\svchost.exe
- 'mh##.gnet.ba':80
- http://www.fu###red.com/private/upload/uploads/finalico.exe
- DNS ASK fu###red.com
- DNS ASK mh##.gnet.ba