Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '190b988864824d95457046f8b7dd9641' = '"%TEMP%\Windows Explorer.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '190b988864824d95457046f8b7dd9641' = '"%TEMP%\Windows Explorer.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\190b988864824d95457046f8b7dd9641.exe
- %TEMP%\windows explorer.exe
- 'tr####2.ddns.net':3
- DNS ASK tr####2.ddns.net
- '%TEMP%\windows explorer.exe'