Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] '{JH8W2ZF8-471981-4DER0E-4DER0ES99S}' = '"%TEMP%\Google Admin.exe" ...'
- %APPDATA%\microsoft\windows\start menu\programs\startup\{jh8w2zf8-471981-4der0e-4der0es99s}.exe
- hidden files
- %TEMP%\google admin.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\{jh8w2zf8-471981-4der0e-4der0es99s}.exe
- %TEMP%\google admin.exe
- 'dr###.ddns.net':1999
- DNS ASK dr###.ddns.net
- '%TEMP%\google admin.exe'