Technical Information
- %WINDIR%\syswow64\cleanmgr.exe
- C:\fef0gffe.ini
- C:\fef0gffe.ini
- from <Full path to file> to %TEMP%\0kjdv\....\0kjdv
- <Full path to file>
- 'lo###.nb00001.com':1714
- http://lo###.#FD3D.com:1714/CFESP/CFESP.txt?10#####
- http://lo###.#fd3d.com:1714/CFESP/CFESPpuppet.Txt?10##### via lo###.cfd3d.com
- DNS ASK lo###.cfd3d.com
- DNS ASK lo###.nb00001.com
- '%WINDIR%\syswow64\cleanmgr.exe'