Technical Information
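- Autorun (persistence) entry: this Run-key value starts the listed executable at every user logon. The misspelled file name 'facebook Servises.exe' is part of the indicator as observed: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MyPro' = '<SYSTEM32>\facebook Servises.exe'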
- <SYSTEM32>\facebook Servises.exe
- <SYSTEM32>\fbtimg\2b.dll
- %TEMP%\aut9.tmp
- <SYSTEM32>\fbtimg\3.dll
- %TEMP%\aut7.tmp
- <SYSTEM32>\fbtimg\2a.dll
- %TEMP%\aut8.tmp
- <SYSTEM32>\fbtimg\3b.dll
- %TEMP%\autD.tmp
- <SYSTEM32>\facebook Servises.exe
- %TEMP%\autA.tmp
- <SYSTEM32>\fbtimg\3a.dll
- %TEMP%\autB.tmp
- <SYSTEM32>\fbtimg\0a.dll
- %TEMP%\aut3.tmp
- <SYSTEM32>\fbtimg\1.dll
- %TEMP%\aut1.tmp
- <SYSTEM32>\fbtimg\0.dll
- %TEMP%\aut2.tmp
- <SYSTEM32>\fbtimg\1b.dll
- %TEMP%\aut6.tmp
- <SYSTEM32>\fbtimg\2.dll
- %TEMP%\aut4.tmp
- <SYSTEM32>\fbtimg\1a.dll
- %TEMP%\aut5.tmp
- %TEMP%\aut9.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut7.tmp
- %TEMP%\autD.tmp
- %TEMP%\autB.tmp
- %TEMP%\autA.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut4.tmp
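- Remote hosts on port 21 (the standard FTP control port). The '#' characters appear to be masking applied by the report, so these names cannot be matched verbatim:
- 'fa#####kmaster.host.org':21
- 'mo###orse.co':21
- 'ft#.####load.allalla.com':21
- DNS queries ("DNS ASK") for the same host names:
- DNS ASK fa#####kmaster.host.org
- DNS ASK ft#.####load.allalla.com
- DNS ASK mo###orse.co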
- '<Private IP address>':1037
- '<Private IP address>':1036
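- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the empty WindowName means no window title is specified)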