Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'facebook' = '<SYSTEM32>\facebook.exe s'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\facebook.exe
- %TEMP%\1.tmp
- 'po###e.ddns.ms':80
- 'fo#####4.dns-dns.com':80
- po###e.ddns.ms/View?id###################
- fo#####4.dns-dns.com/View?id###################
- DNS ASK po###e.ddns.ms
- DNS ASK fo#####4.dns-dns.com
- ClassName: 'Indicator' WindowName: ''