Technical Information
- C:\gos\loader.exe
- C:\gos\gosvn.exe
- %HOMEPATH%\desktop\gosvn.exe.lnk
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\5mpf10y1\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\3qryc4ne\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\i28k8a54\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\njb350yf\desktop.ini
- <DRIVERS>\etc\hosts
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\desktop.ini
- '10#.#8.80.15':80
- http://10#.#8.80.15/GoS/2.8.html
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- 'C:\gos\gosvn.exe'
- '%WINDIR%\syswow64\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8 (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8