Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winpriv' = '<SYSTEM32>\winprive.exe'
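- '%WINDIR%\winprive.exe' (значение автозапуска 'Winpriv' указывает на <SYSTEM32>\winprive.exe, а здесь файл указан в %WINDIR%; при проверке системы стоит искать winprive.exe в обоих каталогах)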
- Команда reg.exe, записывающая значение 'Winpriv' в ключ Run: '<SYSTEM32>\reg.exe' ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "Winpriv" /d "<SYSTEM32>\winprive.exe"
- C:\svr.exe
- %WINDIR%\winprive.exe
- %WINDIR%\winprive.exe
- C:\svr.exe
- '<IP-адрес в локальной сети>':0
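- 'ap####.gadu-gadu.pl':80 (символы «#» здесь и в остальных сетевых адресах, по-видимому, маскируют часть значения; как точный индикатор для блокировки или поиска в журналах такие строки не годятся, совпадение следует искать по немаскированной части имени)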
- 'www.te##.plusgsm.pl':80
- ap####.gadu-gadu.pl/appsvc/appmsg4.asp?fm############################################################
- www.te##.plusgsm.pl/sms/sendsms.php
- DNS ASK ap####.gadu-gadu.pl
- DNS ASK www.te##.plusgsm.pl
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'