Technical Information
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,%TEMP%\svchost.exe'
- hidden files
- file extensions
- <SYSTEM32>\dllcache\stub.exe
- %TEMP%\svchost.exe
- http://h1.##pway.com/windowsgames/Stub.exe
- DNS ASK h1.##pway.com