Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\IXP000.TMP\Install.exe'
- '%TEMP%\etoro.EXE' %TEMP%\
- '%TEMP%\IXP000.TMP\FOREXT~1.EXE'
- '%TEMP%\eToroSetup.exe'
- '%TEMP%\etoro.EXE' (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\etoro[1].EXE
- %TEMP%\etoro.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\installer[1]
- %TEMP%\IXP000.TMP\Install.exe
- %TEMP%\eToroSetup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\installer[1]
- %TEMP%\IXP000.TMP\FOREXT~1.EXE
- %TEMP%\IXP000.TMP\Install.exe
- 'localhost':1037
- 'www.et##o.com':80
- www.et##o.com/SDL/typeC/etoro.EXE
- www.et##o.com/installer/?st######
- DNS ASK www.et##o.com