Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\udata\notepad.exe' (параметр 'load' обеспечивает автозапуск указанного файла при входе пользователя в систему)
- '%TEMP%\udata\notepad.exe'
- '<SYSTEM32>\tasklist.exe' /svc
- '<SYSTEM32>\cmd.exe' /A /C "tasklist /svc" > %TEMP%\update2980.log
- %TEMP%\update2980.log
- %TEMP%\udata\cfg.ini
- %TEMP%\update2980.log
- из %TEMP%\udata\cfg.ini в %TEMP%\udata\notepad.exe
- 'im####.sequoiame.com':80
- 'localhost':1039
- http://im####.sequoiame.com/images/art.asp
- DNS ASK im####.sequoiame.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''