Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd446e335e7b2db5faacbbe3e56f4bbb6' = '"%WINDIR%\ethernet.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'd446e335e7b2db5faacbbe3e56f4bbb6' = '"%WINDIR%\ethernet.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\ethernet.exe" "ethernet.exe" ENABLE
- %TEMP%\ixp000.tmp\eth.exe
- %TEMP%\ixp000.tmp\vip72s~1.exe
- %WINDIR%\ethernet.exe
- %TEMP%\is-dfsqt.tmp\vip72s~1.tmp
- %TEMP%\is-8h59n.tmp\_isetup\_setup64.tmp
- %TEMP%\is-8h59n.tmp\_isetup\_shfoldr.dll
- 'me####fh.hopto.org':5552
- DNS ASK me####fh.hopto.org
- '%TEMP%\ixp000.tmp\eth.exe'
- '%WINDIR%\ethernet.exe'
- '%TEMP%\ixp000.tmp\vip72s~1.exe'
- '%TEMP%\is-dfsqt.tmp\vip72s~1.tmp' /SL5="$90232,3062908,56832,%TEMP%\IXP000.TMP\VIP72S~1.EXE"
- '%TEMP%\ixp000.tmp\eth.exe' ' (со скрытым окном)
- '%TEMP%\ixp000.tmp\vip72s~1.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\ethernet.exe" "ethernet.exe" ENABLE' (со скрытым окном)