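Technical Information

Note on reading this list: the section labels of the original report appear to have been lost, so the entries are unlabelled. The %LOCALAPPDATA% and %TEMP% entries are file-system paths, the `http://` and `DNS ASK` entries are network activity, and the quoted entries at the end appear to be command lines of launched processes. The host name is partially masked with `#` as published. The folder name `microsft` is reproduced as reported and differs from `Microsoft`, so match it literally. The `nst8dfa.tmp` folder, with `system.dll`, `nsdialogs.dll` and `userinfo.dll`, looks like an NSIS installer's temporary plug-in directory, whose name typically changes on each run. Several other names (`msvcr90.dll`, `googlesetup.exe`, the `.bmp` and `license` files) match components of ordinary software installers, so they are weak indicators on their own. The `%LOCALAPPDATA%\microsft\server.txt` path and the URL are the more distinctive entries.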
- %LOCALAPPDATA%\microsft\server.txt
- %TEMP%\nst8dfa.tmp\system.dll
- %TEMP%\nst8dfa.tmp\modern-header.bmp
- %TEMP%\standard_googledrive_img.bmp
- %TEMP%\standard_googletoolbar_img.bmp
- %TEMP%\standard_chrome_img.bmp
- %TEMP%\standard_chrome_icon.bmp
- %TEMP%\ps_logo_large.bmp
- %TEMP%\photoscape.bmp
- %TEMP%\header_k.bmp
- %TEMP%\header.bmp
- %TEMP%\google_icon_translate.bmp
- %TEMP%\nst8dfa.tmp\userinfo.dll
- %TEMP%\google_icon_search.bmp
- %TEMP%\chrome_icon.bmp
- %TEMP%\license_k.htm
- %TEMP%\license.htm
- %TEMP%\microsoft.vc90.crt.manifest
- %TEMP%\msvcr90.dll
- %TEMP%\gdapi.dll
- %TEMP%\gcapi_dll.dll
- %TEMP%\gtapi_signed.dll
- %TEMP%\gtgcapi.exe
- %TEMP%\googlesetup.exe
- %LOCALAPPDATA%\tempphotoscape_v3_7.exe
- %TEMP%\google_icon_autofill.bmp
- %TEMP%\nst8dfa.tmp\nsdialogs.dll
- %LOCALAPPDATA%\microsft\server.txt
- http://wi######hone.byethost24.com/cuto/text.txt
- DNS ASK wi######hone.byethost24.com
- '%LOCALAPPDATA%\tempphotoscape_v3_7.exe'
- '%TEMP%\gtgcapi.exe'
- '%TEMP%\gtgcapi.exe' /reasongccc
- '%TEMP%\gtgcapi.exe' /reasontcc
- '%TEMP%\gtgcapi.exe' /reasongdcc