Техническая информация
Автозапуск (параметр в ключе реестра Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SExpWan' = '"%PROGRAM_FILES%\WanSync\Client\SEWanClt.exe"'
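Командные строки запускаемых процессов (ключ /s у regsvr32 — регистрация DLL без вывода диалоговых окон):
- '%PROGRAM_FILES%\WanSync\Client\SEWanClt.exe' /i
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\SEIEBho.dll"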
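Изменения в файловой системе (пути файлов; тип операции — создание, перемещение или удаление — в этом фрагменте не указан):
- %PROGRAM_FILES%\WanSync\Client\Client\Domains.dat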
- %PROGRAM_FILES%\WanSync\Client\Client\SEIEBho.dll
- %PROGRAM_FILES%\WanSync\Client\Client\RServer.ini
- %WINDIR%\SEIEBho.dll
- %PROGRAM_FILES%\WanSync\Client\Client\SEWanClt.exe
- %PROGRAM_FILES%\WanSync\Client\Client\WanTray.ico
- %PROGRAM_FILES%\WanSync\Client\WanTray.ico
- %PROGRAM_FILES%\WanSync\Client\SEWanClt.exe
- %PROGRAM_FILES%\WanSync\Client\RServer.ini
- %PROGRAM_FILES%\WanSync\Client\PREINS.BAT
- %PROGRAM_FILES%\WanSync\Client\CltTray.ico
- %PROGRAM_FILES%\WanSync\Client\Domains.dat
- %PROGRAM_FILES%\WanSync\Client\SEIEBho.dll
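Сетевая активность (адреса и порты, HTTP- и DNS-запросы; символы # — маскировка, присутствующая в исходном описании):
- 'any':8377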
- 'www.ah##e.com':80
- www.ah##e.com/regip/gethost.asp?vi########################
- DNS ASK www.ah##e.com
Окна, фигурирующие в описании (имя класса и заголовок окна):
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'