Technical Information
- %APPDATA%\windowssecur.exe
- %APPDATA%\microsoft\windows\cookies\desktop.ini
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- http://ul####telogger.com/customers/ip.php
- DNS ASK sm##.gmail.com
- DNS ASK ul####telogger.com
- '%APPDATA%\windowssecur.exe'
- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 2' (with hidden window)
- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 2