Техническая информация
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\u6e4cfso\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\qy5kfq4k\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\qd4kedjv\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\ge8w9xfw\desktop.ini
- %WINDIR%\wg.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\u6e4cfso\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\qy5kfq4k\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\qd4kedjv\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\ge8w9xfw\desktop.ini
- %WINDIR%\wg.txt
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\desktop.ini
- 'sa##.ywxww.net':820
- http://sa##.#wxww.net:820/wg.txt via sa##.ywxww.net
- DNS ASK sa##.ywxww.net
- '%WINDIR%\syswow64\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8' (со скрытым окном)
- '%WINDIR%\syswow64\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8