Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VVSN' = '%PROGRAM_FILES%\VVSN\VVSN.exe'
- '%PROGRAM_FILES%\VVSN\VVSN.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\WUS5.bat "%PROGRAM_FILES%\VVSN\VVSN.exe" "%PROGRAM_FILES%\VVSN"
- %PROGRAM_FILES%\VVSN\vvsn.cfg
- %PROGRAM_FILES%\VVSN\VSN.cfg
- %TEMP%\WUS5.bat
- %PROGRAM_FILES%\VVSN\URL1\SAVE-CASTm-SYNCm-WHSEInst.exe
- %TEMP%\B54.WUT\vvsn.cab
- %TEMP%\B54.WUT\whenu.inf
- %PROGRAM_FILES%\VVSN\SET4.tmp
- %PROGRAM_FILES%\VVSN\SET3.tmp
- %PROGRAM_FILES%\VVSN\URL1\SAVE-CASTm-SYNCm-WHSEInst.exe
- %PROGRAM_FILES%\VVSN\vvsn.cfg
- %PROGRAM_FILES%\VVSN\VVSN.exe
- %PROGRAM_FILES%\VVSN\VSN.cfg
- %PROGRAM_FILES%\VVSN\SET3.tmp
- %TEMP%\B54.WUT\whenu.inf
- %TEMP%\B54.WUT\vvsn.cab
- из %PROGRAM_FILES%\VVSN\SET4.tmp в %PROGRAM_FILES%\VVSN\VVSN.exe
- 'sp###.whenu.com':80
- 'ap#.#henu.com':80
- 'localhost':1039
- http://ap#.#henu.com/AppInstall?ap###################################################################################
- http://sp###.whenu.com/vsn/ISA/SAVE-CASTm-SYNCm-WHSEInst.exe
- http://ap#.#henu.com/AppInstall?ap#############################################################
- DNS ASK sp###.whenu.com
- DNS ASK ap#.#henu.com
- ClassName: 'WhenU_VVSN_1_0' WindowName: ''