Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '%TEMP%\<File name>.exe'
- %TEMP%\<File name>.exe
- %TEMP%\obama.exe
- <Full path to file>
- http://google.com/
- http://www.google.com/
- DNS ASK google.com
- DNS ASK gi##ub.com
- DNS ASK ra#.####ubusercontent.com
- '%TEMP%\obama.exe'
- '%TEMP%\obama.exe' ' (with hidden window)