Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ce2290283b203098b0818481c9e9b465' = '"%TEMP%\smb.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ce2290283b203098b0818481c9e9b465' = '"%TEMP%\smb.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\ce2290283b203098b0818481c9e9b465.exe
- %TEMP%\smb.exe
- 'ho####gpmy.ddns.me':4447
- DNS ASK ho####gpmy.ddns.me
- '%TEMP%\smb.exe'