Technical Information
Autorun persistence (registry Run values and the Startup folder):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8ddca91c4b8751aa34712357823866a6' = '"%TEMP%\Google .exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8ddca91c4b8751aa34712357823866a6' = '"%TEMP%\Google .exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\8ddca91c4b8751aa34712357823866a6.exe
Windows Firewall exception for the same executable (authorized-applications registry value and the corresponding netsh command):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Google .exe' = '%TEMP%\Google .exe:*:Enabled:Google .exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Google .exe" "Google .exe" ENABLE
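File referenced by the autorun and firewall entries above (the file name contains a space before the ".exe" extension, so match it exactly when searching):
- %TEMP%\Google .exe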
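Paths carrying the same GUID-style name (in the first two the name follows a colon after a directory path, which is the notation for an NTFS alternate data stream, so an ordinary directory listing may not show them):
- %HOMEPATH%\Local Settings\Temp:{61007600-7800-3800-5600-470068003800}
- <Current directory>:{61007600-7800-3800-5600-470068003800}
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{61007600-7800-3800-5600-470068003800}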
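Network activity (a host under hopto.org, a dynamic-DNS domain, contacted on port 1999, plus a DNS query for the same name; part of the host name is masked with "#" in this report):
- 'mo####rcv.hopto.org':1999
- DNS ASK mo####rcv.hopto.org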
- '%TEMP%\Google .exe'