Technical information
- %APPDATA%\microsoft\windows\cookies\desktop.ini
- %TEMP%\sys32\new pc infected qcqoxdwd.html
- %APPDATA%\microsoft\windows\cookies\desktop.ini
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- http://wh###smyip.com/automation/n09230945.asp
- DNS ASK wh###smyip.com
- DNS ASK sm##.gmail.com
- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 2' (with hidden window)
- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 2