Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Gcafe Service' = '"<Full path to file>"'
- <Current directory>\GcafeService_net.zip
- 'go###e.com.vn':80
- 'ol##in.com':80
- http://go###e.com.vn/
- http://ol##in.com/files/GcafeService_net.zip
- http://ol##in.com/gcafe/ver_net.php
- DNS ASK go###e.com.vn
- DNS ASK ol##in.com
- ClassName: 'Gcafe Service - NET' WindowName: 'fb.com/keygca [Oct 16 2017]'