Technical Information
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\j3jcj67g\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\7cmym16m\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\wh2px4vc\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\k7gys2o3\desktop.ini
- %WINDIR%\wg.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\j3jcj67g\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\7cmym16m\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\wh2px4vc\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\k7gys2o3\desktop.ini
- %WINDIR%\wg.txt
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\desktop.ini
- http://sa##.#wxww.net:820/wg.txt via sa##.ywxww.net
- DNS ASK sa##.ywxww.net
- '%WINDIR%\syswow64\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8 (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8