Техническая информация
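Записи автозапуска в реестре (ключи Run в HKLM и HKCU; значения 'CorpSoft' и 'CorpFire' указывают на Shakar.exe в %PROGRAM_FILES% и на съемном носителе):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CorpSoft' = '%PROGRAM_FILES%\Shakar.exe'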
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CorpFire' = '<Имя диска съемного носителя>:\Program Files\Shakar.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CorpSoft' = '%PROGRAM_FILES%\Shakar.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CorpFire' = '<Имя диска съемного носителя>:\Program Files\Shakar.exe'
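Файлы и пути в файловой системе (на странице не указано, какие из них создаются, удаляются или запускаются, поэтому часть путей повторяется):
- 'C:\Extracted\FaceBook Account Hacker V3.2.exe'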
- C:\Extracted\isetup-5.5.2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\FaceBook%20Account%20Hacker%20v3.2[1].exe
- %TEMP%\sfx.ini
- C:\Extracted\FaceBook Account Hacker V3.2.exe
- %TEMP%\sfx.ini
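Сетевая активность (имя домена на странице частично скрыто символами ##, поэтому как индикатор оно неполное):
- 'rg##st.net':80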
- rg##st.net/download/42899331/f7f389f15420caee4f9849183bd8255774996b37/FaceBook%20Account%20Hacker%20v3.2.exe
- DNS ASK rg##st.net
- ClassName: 'Indicator' WindowName: '(null)'