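Техническая информация
(Подзаголовки разделов отчёта в этой копии не сохранились. Судя по формату записей, ниже по порядку идут: параметр реестра службы, командные строки запускаемых процессов, пути к файлам, сетевые адреса и DNS-запросы, параметры окна. Имена хостов приведены с символами «#» вместо части знаков и в таком виде не являются полными индикаторами.)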
- [<HKLM>\SYSTEM\ControlSet001\Services\The Etool ] 'Start' = '00000002'
- '%WINDIR%\Etool.exe'
- '%TEMP%\劲舞喷嚏.exe'
- '%TEMP%\111.exe'
- '%WINDIR%\desktop.ini' %TEMP%\\s6.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s5.exe
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Delete.bat
- '%WINDIR%\desktop.ini' %TEMP%\\s9.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s8.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s7.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s1.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s0.exe
- '%WINDIR%\desktop.ini'
- '%WINDIR%\desktop.ini' %TEMP%\\s4.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s3.exe
- '%WINDIR%\desktop.ini' %TEMP%\\s2.exe
- %WINDIR%\Etool.exe
- %WINDIR%\Delete.bat
- %TEMP%\1
- %TEMP%\111.exe
- %TEMP%\劲舞喷嚏.exe
- %WINDIR%\Etool.exe
- %TEMP%\111.exe
- '64####35.3322.org':8000
- 'ff######fffffff.3322.org':80
- ff######fffffff.3322.org/1.txt
- DNS ASK 64####35.3322.org
- DNS ASK ff######fffffff.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''