Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] 'OperatingSystem' = '%WINDIR%\UserInfo.exe'
- %WINDIR%\userinfo.exe
- C:\config.ini
- %APPDATA%\hijack.dll
- %WINDIR%\userinfo.exe
- '59.##8.25.246':54328
- '%WINDIR%\userinfo.exe'