Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DCPs.exe Portugal' = '%PROGRAMDATA%\RedShotss\DCPs.exe'
- %PROGRAMDATA%\redshotss\dcps.exe
- 'am#####nlogisticsa.com':80
- 'th####yopinion.org':80
- http://th####yopinion.org/administrator/images/filter.php
- DNS ASK am#####nlogisticsa.com
- DNS ASK th####yopinion.org
- DNS ASK na#####bottledepot.ca
- ClassName: 'Chrome_WidgetWin_0' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''