Technical Information
- %WINDIR%\syswow64\userinit.exe
- C:\fkfkgfflfe.ini
- C:\fkfkgfflfe.ini
- <Full path to file>
- 'fi##.#f00001.com':1714
- 'fi##.#f00001.com':1219
- http://FI##.##00001.COM:1714/CFBED/CFBED.txt?11#####
- http://FI##.##00001.COM:1714/CFBED/CFBEDpuppet.Txt?11#####
- DNS ASK fi##.#f00001.com
- '%WINDIR%\syswow64\userinit.exe'