Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = 'C:\restructdata\<File name>.exe'
- C:\restructdata\<File name>.exe
- <SYSTEM32>\MSWINSCK.OCX
- 'el###.ddns.net':4018
- DNS ASK el###.ddns.net
- 'C:\restructdata\<File name>.exe'
- '<SYSTEM32>\regsvr32.exe' -s MSWINSCK.OCX