Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DarkSoul' = '%APPDATA%\Microsoft\Microsoft.exe'
- %TEMP%\aut1.tmp
- %APPDATA%\Microsoft\Microsoft.exe
- %TEMP%\aut1.tmp
- 'co#.##lls-it.net':1973
- DNS ASK co#.##lls-it.net
- '%APPDATA%\Microsoft\Microsoft.exe'