Technical Information
- [<HKLM>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'HKCU' = '%APPDATA%\System\explorer.exe'
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'HKCU' = '%APPDATA%\System\explorer.exe'
- %APPDATA%\system\explorer.exe
- from <Full path to file> to %TEMP%\1060.exe
- DNS ASK ho####1.no-ip.info