Technical Information
- 'C:\wbad\oyke01.exe'
- 'C:\wbad\Deskside\DeskSide.exe'
- '<SYSTEM32>\regsvr32.exe' /u /s netcfgx.dll netshell.dll netman.dll
- '<SYSTEM32>\regsvr32.exe' /u /s c:\gamemenu\bin\bhoex.dll
- '<SYSTEM32>\reg.exe' import c:\wbad\pw.reg
- '<SYSTEM32>\cmd.exe' /c ""c:\wbad\wbad.bat" "
- '<SYSTEM32>\powercfg.exe' /setactive 一直开着
- '<SYSTEM32>\powercfg.exe' /change 一直开着 /monitor-timeout-ac 0
- %WINDIR%\Explorer.EXE
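Kernel functions reported with HideSys.sys as their handler (the same driver appears in the file list below as <DRIVERS>\HideSys.sys; a driver that handles these two calls can presumably filter process listings and refuse process handles):
- NtQuerySystemInformation, handler: HideSys.sys
- NtOpenProcess, handler: HideSys.sys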
- C:\wbad\oyke01.exe
- C:\wbad\Deskside\Night\小到中雪.gif
- C:\wbad\Deskside\Night\小雨-中雨.gif
- C:\wbad\Deskside\Night\小到中雨.gif
- C:\wbad\Deskside\Night\大雪-暴雪.gif
- C:\wbad\Deskside\Night\大雪.gif
- C:\wbad\Deskside\Night\小雨.gif
- C:\wbad\Deskside\Night\扬沙.gif
- C:\wbad\Deskside\Night\晴.gif
- C:\wbad\Deskside\Night\强沙尘暴.gif
- C:\wbad\Deskside\Night\小雪-中雪.gif
- C:\wbad\Deskside\Night\小雪.gif
- C:\wbad\Deskside\Night\冻雨.gif
- C:\wbad\Deskside\Night\多云.gif
- C:\wbad\Deskside\Night\中雪.gif
- C:\wbad\Deskside\Night\中雨.gif
- C:\wbad\Deskside\Night\中雪-大雪.gif
- C:\wbad\Deskside\Night\大到暴雨.gif
- C:\wbad\Deskside\Night\大雨-暴雨.gif
- C:\wbad\Deskside\Night\大雨.gif
- C:\wbad\Deskside\Night\大暴雨.gif
- C:\wbad\Deskside\Night\大到暴雪.gif
- C:\wbad\Deskside\Night\大暴雨-特大暴雨.gif
- C:\wbad\Deskside\Night\暴雨-大暴雨.gif
- C:\wbad\Deskside\模板\模板1.bmp
- C:\wbad\Deskside\模板\模板2.bmp
- C:\wbad\Deskside\WeatherRes
- C:\wbad\Deskside\Night\雾.gif
- C:\wbad\Deskside\Weather.dll
- C:\wbad\Deskside\模板\模板3.bmp
- C:\wbad\Deskside\使用说明.txt
- <DRIVERS>\HideSys.sys
- C:\wbad\pw.reg
- C:\wbad\oyke01.exe
- C:\wbad\Deskside\Night\浮尘.gif
- C:\wbad\Deskside\Night\特大暴雨.gif
- C:\wbad\Deskside\Night\沙尘暴.gif
- C:\wbad\Deskside\Night\暴雨.gif
- C:\wbad\Deskside\Night\暴雪.gif
- C:\wbad\Deskside\Night\阴.gif
- C:\wbad\Deskside\Night\雷阵雨.gif
- C:\wbad\Deskside\Night\雷阵雨伴有冰雹.gif
- C:\wbad\Deskside\Night\雨夹雪.gif
- C:\wbad\Deskside\Night\阵雨.gif
- C:\wbad\Deskside\Night\阵雪.gif
- C:\wbad\Deskside\Day\大雨-暴雨.gif
- C:\wbad\Deskside\Day\大雨.gif
- C:\wbad\Deskside\Day\大暴雨.gif
- C:\wbad\Deskside\Day\大到暴雪.gif
- C:\wbad\Deskside\Day\大暴雨-特大暴雨.gif
- C:\wbad\Deskside\Day\大雪-暴雪.gif
- C:\wbad\Deskside\Day\小雨-中雨.gif
- C:\wbad\Deskside\Day\小雨.gif
- C:\wbad\Deskside\Day\小到中雪.gif
- C:\wbad\Deskside\Day\大雪.gif
- C:\wbad\Deskside\Day\小到中雨.gif
- C:\wbad\Deskside\Day\中到大雪.gif
- C:\wbad\Deskside\Day\中雨-大雨.gif
- C:\wbad\Deskside\Day\中到大雨.gif
- C:\wbad\wbad.bat
- C:\wbad\Deskside\Board.rtf
- C:\wbad\Deskside\Day\中雨.gif
- C:\wbad\Deskside\Day\多云.gif
- C:\wbad\Deskside\Day\大到暴雨.gif
- C:\wbad\Deskside\Day\冻雨.gif
- C:\wbad\Deskside\Day\中雪-大雪.gif
- C:\wbad\Deskside\Day\中雪.gif
- C:\wbad\Deskside\Day\小雪-中雪.gif
- C:\wbad\Deskside\Day\雷阵雨.gif
- C:\wbad\Deskside\Day\雷阵雨伴有冰雹.gif
- C:\wbad\Deskside\Day\雨夹雪.gif
- C:\wbad\Deskside\Day\阵雨.gif
- C:\wbad\Deskside\Day\阵雪.gif
- C:\wbad\Deskside\Day\雾.gif
- C:\wbad\Deskside\Night\中到大雪.gif
- C:\wbad\Deskside\Night\中雨-大雨.gif
- C:\wbad\Deskside\Night\中到大雨.gif
- C:\wbad\Deskside\DeskSide.exe
- C:\wbad\Deskside\DeskSide.ini
- C:\wbad\Deskside\Day\晴.gif
- C:\wbad\Deskside\Day\暴雨-大暴雨.gif
- C:\wbad\Deskside\Day\扬沙.gif
- C:\wbad\Deskside\Day\小雪.gif
- C:\wbad\Deskside\Day\强沙尘暴.gif
- C:\wbad\Deskside\Day\暴雨.gif
- C:\wbad\Deskside\Day\特大暴雨.gif
- C:\wbad\Deskside\Day\阴.gif
- C:\wbad\Deskside\Day\浮尘.gif
- C:\wbad\Deskside\Day\暴雪.gif
- C:\wbad\Deskside\Day\沙尘暴.gif
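Hosts and ports ('#' marks characters masked in this report, so the names below are partial and cannot be matched literally):
- 'xi###iini.com':80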
- 'xz##wj.com':80
- 'in###wns.com':80
- 'xi###ibin.com':80
- 'bi##own.com':80
- 'in##own.com':80
- 'in##in.com':80
- 'we#####.china.com.cn':80
- 'pl##.#oomeng.com':80
- 'pl##.zzinfor.cn':80
- 'pl##.#cafeads.com':80
- 'bi###wns.com':80
- 'in##z.com':80
- 'do##ini.com':80
- xi###iini.com/plus/config/oyke01.0.bin?ve#####################################
- xz##wj.com/plus/config/oyke01.0.bin?ve#####################################
- in###wns.com/plus/config/oyke01.0.bin?ve#####################################
- xi###ibin.com/plus/config/oyke01.0.bin?ve#####################################
- bi##own.com/plus/config/oyke01.0.bin?ve#####################################
- in##own.com/plus/config/oyke01.0.bin?ve#####################################
- in##in.com/plus/config/oyke01.0.bin?ve#####################################
- we#####.china.com.cn/city/57993_full.html
- pl##.#oomeng.com/plus/config/oyke01.0.bin?ve#####################################
- pl##.zzinfor.cn/plus/config/oyke01.0.bin?ve#####################################
- pl##.#cafeads.com/plus/config/oyke01.0.bin?ve#####################################
- bi###wns.com/plus/config/oyke01.0.bin?ve#####################################
- in##z.com/plus/config/oyke01.0.bin?ve#####################################
- do##ini.com/plus/config/oyke01.0.bin?ve#####################################
- DNS ASK xi###iini.com
- DNS ASK xz##wj.com
- DNS ASK in###wns.com
- DNS ASK xi###ibin.com
- DNS ASK bi##own.com
- DNS ASK in##own.com
- DNS ASK in##in.com
- DNS ASK we#####.china.com.cn
- DNS ASK pl##.#oomeng.com
- DNS ASK pl##.zzinfor.cn
- DNS ASK pl##.#cafeads.com
- DNS ASK bi###wns.com
- DNS ASK in##z.com
- DNS ASK do##ini.com
- ClassName: 'Progman' WindowName: '(null)'
- ClassName: 'ProgMan' WindowName: 'Program Manager'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'