Technical Information
- %WINDIR%\syswow64\net.exe
- %WINDIR%\syswow64\cmd.exe
- 'fi##.#f00001.com':1714
- 'fi##.#f00001.com':1219
- http://FI##.##00001.COM:1714/CFBED/CFBED64B.TXT?48####
- http://FI##.##00001.COM:1714/CFBED/CFBEDpuppet.Txt?49####
- DNS ASK fi##.#f00001.com
- '%WINDIR%\syswow64\cmd.exe' ' (with hidden window)
- '%WINDIR%\syswow64\net.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\net.exe'