A cookie saved by the user's browser named "CoreBeta".
First it checks for a specific cookie named "CoreBeta" in order to verify if the system was already attacked. If the cookie isn't found then it's created and set to expire in one day. After this, it decrypts some of its own code, inserting in the page several other masked components. If the cookie is found then the user gets an "about:blank" page.