Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dwm' = '<Full path to file>'
- %APPDATA%\path.txt
- 'bl######s123.byethost7.com':80
- http://bl######s123.byethost7.com/OdaNegra/winlogon.txt?re##########################################
- http://bl######s123.byethost7.com/OdaNegra/FileCreating.txt?re##########################################
- http://se###arking.com/frmpark/byethost7.com/sedopark/park.js
- DNS ASK bl######s123.byethost7.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''