Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SExpWan' = '"%PROGRAM_FILES%\WanSync\Client\SEWanClt.exe"'
- %PROGRAM_FILES%\WanSync\Client\SEWanClt.exe /i /h
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\PIC.JPG
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\WanSync\Client\INS.BAT" "
- %PROGRAM_FILES%\WanSync\Client\iPhone PC Suite.exe.config
- %PROGRAM_FILES%\WanSync\Client\AxInterop.ShockwaveFlashObjects.dll
- %TEMP%\PIC.JPG
- %PROGRAM_FILES%\WanSync\Client\NdVPNHelper.dll
- %PROGRAM_FILES%\WanSync\Client\SEWanClt.exe
- %PROGRAM_FILES%\WanSync\Client\PIC.jpg
- %PROGRAM_FILES%\WanSync\Client\INS.BAT
- %PROGRAM_FILES%\WanSync\Client\RServer.ini
- %PROGRAM_FILES%\WanSync\Client\PREINS.BAT
- 'any':8377
- 'www.ah##e.com':80
- www.ah##e.com/regip/gethost.asp?vi##############
- DNS ASK www.ah##e.com
- '<IP-адрес в локальной сети>':1037
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''