Technical Information
- '%TEMP%\wg0cb.exe' (downloaded from the Internet)
- '%TEMP%\wg0cb.exe' /S /adv 1677
- %TEMP%\nso2.tmp\System.dll
- %TEMP%\nso2.tmp\inetc.dll
- %TEMP%\nso2.tmp\blowfish.dll
- %TEMP%\nso2.tmp\System.dll
- %TEMP%\nso2.tmp\inetc.dll
- %TEMP%\nso2.tmp\blowfish.dll
- 'cy##o.gdn':80
- '15#.80.8.97':5450
- http://cy##o.gdn/nm/geoip.php
- DNS ASK cy##o.gdn
- ClassName: 'Shell_TrayWnd' WindowName: ''