Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'csrss' = '%LOCALAPPDATA%\AMD Drivers\csrss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'csrss' = '%LOCALAPPDATA%\AMD Drivers\csrss.exe'
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- %LOCALAPPDATA%\amd drivers\csrss.exe
- '95.##1.21.137':80
- http://ip###odb.com/ip_query.php
- http://www.wh###smyip.com/automation/n09230945.asp
- http://95.##1.21.137/goethe/connect.php
- DNS ASK wh###smyip.com
- DNS ASK ip###odb.com
- '%LOCALAPPDATA%\amd drivers\csrss.exe'
- '%WINDIR%\syswow64\netsh.exe' Advfirewall set Currentprofile State off