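Техническая информация
Символы # в IP-адресе и именах хостов ниже, по-видимому, маскировка, сделанная при публикации: такие значения нельзя напрямую внести в списки блокировки, поэтому при поиске по журналам опирайтесь на неизменённые части — пути URL, имя файла Protect_Microsoft.exe и параметр автозапуска.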
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Protect_Microsoft.exe Peru' = '%ALLUSERSPROFILE%\Application Data\albema\Protect_Microsoft.exe' — запись автозапуска: файл запускается при каждом входе текущего пользователя в систему
- [<HKCU>\Software\Microsoft\MessengerService]
- %ALLUSERSPROFILE%\Application Data\%USERNAME%.txt
- %ALLUSERSPROFILE%\Application Data\albema\Protect_Microsoft.exe
- '20#.#72.230.174':80
- 'gn#####teachings.org':80
- 'www.su###lite.org':80
- 'www.am#####nlogisticsa.com':80
- 'www.ec##a.com':80
- 20#.#72.230.174/ocomon/ocomon/.../wab/install.php
- www.su###lite.org/media/system/images/install.php
- gn#####teachings.org/media/system/images/install.php
- www.am#####nlogisticsa.com/media/system/images/filter.php
- www.ec##a.com/media/system/images/filter.php
- www.su###lite.org/media/system/css/filter.php
- DNS ASK www.su###lite.org
- DNS ASK gn#####teachings.org
- DNS ASK www.am#####nlogisticsa.com
- DNS ASK www.ec##a.com
- ClassName: 'Indicator' WindowName: ''
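- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)
- ClassName: 'Chrome_WidgetWin_0' WindowName: '' (класс окон Google Chrome / Chromium)
- ClassName: 'MozillaUIWindowClass' WindowName: '' (класс окон приложений Mozilla, в частности Firefox)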