Техническая информация
- Ключ автозапуска в реестре (раздел Run в HKLM — запуск при входе любого пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MyPro' = '<SYSTEM32>\facebook Servises.exe'
- <SYSTEM32>\facebook Servises.exe
- %TEMP%\aut9.tmp
- <SYSTEM32>\fbmimg\7.dll
- %TEMP%\autA.tmp
- <SYSTEM32>\fbmimg\5.dll
- %TEMP%\aut8.tmp
- <SYSTEM32>\fbmimg\6.dll
- <SYSTEM32>\fbmimg\8.dll
- <SYSTEM32>\fbmimg\10.dll
- %TEMP%\autE.tmp
- <SYSTEM32>\facebook Servises.exe
- %TEMP%\autB.tmp
- <SYSTEM32>\fbmimg\9.dll
- %TEMP%\autC.tmp
- <SYSTEM32>\fbmimg\0.dll
- %TEMP%\aut3.tmp
- <SYSTEM32>\fbmimg\1.dll
- %TEMP%\aut1.tmp
- <SYSTEM32>\fbmimg\err.dll
- %TEMP%\aut2.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut6.tmp
- <SYSTEM32>\fbmimg\4.dll
- %TEMP%\aut7.tmp
- <SYSTEM32>\fbmimg\2.dll
- %TEMP%\aut5.tmp
- <SYSTEM32>\fbmimg\3.dll
- %TEMP%\autA.tmp
- %TEMP%\aut9.tmp
- %TEMP%\aut8.tmp
- %TEMP%\autE.tmp
- %TEMP%\autC.tmp
- %TEMP%\autB.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut4.tmp
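- Сетевые адреса (порт 21 — стандартный порт FTP; символы # в именах узлов — маска, скрывающая часть имени, поэтому для точного сопоставления эти строки непригодны):
- 'fa#####kmaster.host.org':21
- 'ft#.####load.allalla.com':21
- 'mo###orse.co':21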
- DNS ASK ft#.####load.allalla.com
- DNS ASK fa#####kmaster.host.org
- DNS ASK mo###orse.co
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)