Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss.exe' = '%APPDATA%\<File name>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'csrss.exe' = '%APPDATA%\<File name>.exe'
- <File name>.exe
- %TEMP%\cun.sse
- %TEMP%\aut1.tmp
- %APPDATA%\<File name>.exe
- %TEMP%\aut1.tmp
- 'le####edro.ddns.net':5050
- DNS ASK le####edro.ddns.net
- '%APPDATA%\<File name>.exe'