Technical Information
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, <DRIVERS>\svchost.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UIHost' = 'logonui.exe, <SYSTEM32>\dllcache\recycled.exe'
- <Drive name for removable media>:\recycler\s-1-5-21-8749679017-0950430147-468708784-3200\recycler.scr
- C:\recycler\s-1-5-21-8749679017-0950430147-468708784-3200\recycler.scr
- D:\recycler\s-1-5-21-8749679017-0950430147-468708784-3200\recycler.scr
- 'h1.##pway.com':80
- DNS ASK h1.##pway.com