Technical Information
- '%TEMP%\grgcg.exe' (downloaded from the Internet)
- '%TEMP%\grtby.exe' (downloaded from the Internet)
- '%TEMP%\grgcg.exe' /upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b
- '%TEMP%\grtby.exe' /S /adv 1677
- %TEMP%\nsq2.tmp\System.dll
- %TEMP%\nsq2.tmp\inetc.dll
- %TEMP%\nsq2.tmp\blowfish.dll
- %TEMP%\nsq2.tmp\System.dll
- %TEMP%\nsq2.tmp\inetc.dll
- %TEMP%\nsq2.tmp\blowfish.dll
- 'cy##o.gdn':80
- '15#.80.8.97':5450
- http://cy##o.gdn/jk/jk.php
- http://cy##o.gdn/nm/geoip.php
- DNS ASK cy##o.gdn
- ClassName: 'Shell_TrayWnd' WindowName: ''