Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] '<File name>' = '<SYSTEM32>\<File name>.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '<SYSTEM32>\<File name>.exe'
- <SYSTEM32>\<File name>.exe
- %TEMP%\~DF5CDC.tmp
- <Full path to file>
- <SYSTEM32>\<File name>.exe
- 'ma##.roge.org':25
- DNS ASK ma##.roge.org