Technical Information
- "%TEMP%\onNrl.exe" (downloaded from the Internet)
- %APPDATA%\GBAdder.exe
- %TEMP%\onNrl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\cyber[1].exe
- %APPDATA%\GBAdder.exe
- from <Full path to virus> to %TEMP%\GLA7XXFPV
- 'dl.##opbox.com':80
- 'localhost':1037
- dl.##opbox.com/u/30857314/cyber.exe
- DNS ASK dl.##opbox.com