Техническая информация
Автозапуск (значение в ключе реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'shed.exe Portugal' = '%ALLUSERSPROFILE%\Application Data\UuNnTtIiL\shed.exe'
- '%ALLUSERSPROFILE%\Application Data\UuNnTtIiL\shed.exe'
- '%ProgramFiles%\Messenger\msmsgs.exe' -Embedding
- %WINDIR%\Explorer.EXE
- %TEMP%\Orz+SV.exe
- %ALLUSERSPROFILE%\Application Data\UuNnTtIiL\shed.exe
- %TEMP%\Orz+SV.exe
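Сетевые подключения (узел:порт; имена узлов частично скрыты символами #, поэтому для точного сопоставления в таком виде не годятся):
- 'www.su###lite.org':80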
- 'gn#####teachings.org':80
- 'www.ne###diapa.net':80
- 'www.dj####rlight.com':80
- 'www.am#####nlogisticsa.com':80
- 'tr####choice.com.au':80
- 'na#####bottledepot.ca':80
HTTP-запросы к тем же узлам (все адреса находятся в каталоге /administrator/images/):
- http://www.ne###diapa.net/administrator/images/include.exe.bak
- http://www.dj####rlight.com/administrator/images/install.php
- http://www.su###lite.org/administrator/images/install.php
- http://gn#####teachings.org/administrator/images/install.php
- http://www.am#####nlogisticsa.com/administrator/images/filter.php
- http://tr####choice.com.au/administrator/images/filter.php
- http://na#####bottledepot.ca/administrator/images/filter.php
- DNS ASK www.su###lite.org
- DNS ASK gn#####teachings.org
- DNS ASK www.ne###diapa.net
- DNS ASK www.dj####rlight.com
- DNS ASK www.am#####nlogisticsa.com
- DNS ASK tr####choice.com.au
- DNS ASK na#####bottledepot.ca
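Окна, указанные в отчёте по имени класса (Shell_TrayWnd — панель задач Windows; Chrome_WidgetWin_0 и MozillaUIWindowClass — окна браузеров Chrome и Firefox; по-видимому, образец ищет эти окна):
- ClassName: 'Indicator' WindowName: ''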
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Chrome_WidgetWin_0' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''