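Техническая информация
Заголовки разделов в этом фрагменте отсутствуют; ниже по порядку идут: запись в ключе автозапуска реестра (Run), пути к файлам, пары ClassName/WindowName окон и командные строки процессов.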
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'syswubi' = '<SYSTEM32>\wubi.exe'
- %WINDIR%\Temp\IE8.reg
- %WINDIR%\Temp\qidong.reg
- %WINDIR%\Temp\zhuce.bat
- %WINDIR%\Temp\zhuce.vbs
- %WINDIR%\Temp\PinYin_bho.dll
- %WINDIR%\Temp\pinyin.exe
- %WINDIR%\Temp\wubi.exe
- <SYSTEM32>\PinYin_bho.dll
- <SYSTEM32>\pinyin.exe
- <SYSTEM32>\wubi.exe
- %WINDIR%\Temp\1.txt
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\temp\zhuce.vbs"
- '<SYSTEM32>\wubi.exe'
- '<SYSTEM32>\pinyin.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\zhuce.bat" "
- '%WINDIR%\regedit.exe' /s qidong.reg
- '%WINDIR%\regedit.exe' /s IE8.reg
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\PinYin_bho.dll
- '%WINDIR%\regedit.exe' /e 1.txt "HKEY_CLASSES_ROOT\PinYin_bho.pinyin\Clsid\"