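Техническая информация
(Заголовки подразделов в этой копии отчёта утрачены. Судя по виду записей, ниже идут: изменение реестра, запускаемые процессы, пути к файлам, сетевые обращения и поиск окон. Пути к файлам повторяются, и без заголовков нельзя определить, какие файлы создаются, а какие изменяются или удаляются.)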
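- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{729B6C61-BDC5-4C09-A1DE-A296BA0B89EC}' = ''
  (Примечание: CLSID, записанный в ShellExecuteHooks, заставляет оболочку Windows загружать соответствующую COM-библиотеку при вызовах ShellExecute, то есть эта запись служит механизмом автозапуска. Какая библиотека сопоставлена этому CLSID, на странице не указано; при проверке системы путь к ней смотрят в подразделе InprocServer32 этого CLSID.)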
- '%TEMP%\破解版 自动BIngo.exe'
- '%TEMP%\wyls.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\_xr.bat" "
- %TEMP%\_xr.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\blog_e4a536240101jz16[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\blog_e4a536240101jz16[1].html
- %TEMP%\wyls.exe
- %TEMP%\破解版 自动BIngo.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\SysInfo.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\blog_e4a536240101jz16[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\blog_e4a536240101jz16[1].html
- %TEMP%\wyls.exe
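- 'bl##.#ina.com.cn':80
- bl##.#ina.com.cn/s/blog_e4a536240101jz16.html
- DNS ASK bl##.#ina.com.cn
  (Примечание: символы «#» в имени узла — по-видимому, маскировка, применённая в источнике. Полное имя по этой странице не восстанавливается, поэтому запись нельзя использовать как точный сетевой индикатор. Путь /s/blog_e4a536240101jz16.html совпадает с именем файла в кэше Internet Explorer из списка выше.)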
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'ListBox' WindowName: 'ZXY_ExeWL'
- ClassName: 'ListBox' WindowName: 'ZXY_DllWL'