Техническая информация
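- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Yana' = 'C:\Documents and Settings\LocalService\Yana.exe' (параметр в ключе Run: указанный файл запускается автоматически при входе пользователя в систему; то же относится к следующей записи)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Yana' = '%HOMEPATH%\Yana.exe'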
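- [<HKLM>\SYSTEM\ControlSet001\Services\Yana] 'Start' = '00000002' (запись службы 'Yana'; значение Start = 2 означает автоматический запуск службы при загрузке системы)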
- %HOMEPATH%\Yana.exe
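- <SYSTEM32>\attrib.exe +h +s "C:\Documents and Settings\LocalService\Yana.exe" (здесь и в трёх следующих записях: +h +s присваивает файлу атрибуты «скрытый» и «системный», поэтому при настройках Проводника по умолчанию такие файлы не отображаются)
- <SYSTEM32>\attrib.exe +h +s "C:\Documents and Settings\LocalService\svchos.exe" (имя svchos.exe похоже на имя системного файла svchost.exe, но не совпадает с ним)
- <SYSTEM32>\attrib.exe +h +s "%HOMEPATH%\Yana.exe"
- <SYSTEM32>\attrib.exe +h +s "%HOMEPATH%\svchos.exe"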
- %WINDIR%\Temp\dw.log
- C:\Documents and Settings\LocalService\svchos.exe
- %WINDIR%\Temp\218DD.dmp
- %TEMP%\dw.log
- %HOMEPATH%\svchos.exe
- %HOMEPATH%\Yana.exe
- C:\Documents and Settings\LocalService\Yana.exe
- C:\Documents and Settings\LocalService\Yana.exe
- C:\Documents and Settings\LocalService\svchos.exe
- %HOMEPATH%\Yana.exe
- %HOMEPATH%\svchos.exe
- '<IP-адрес в локальной сети>':28588
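- 'www.ge###tes.com':80 (символы «#» здесь и ниже, по-видимому, заменяют скрытые части имени узла; в таком виде запись нельзя использовать как точный индикатор)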
- 'wp#d':80
- www.ge###tes.com/iplocator.htm
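- wp#d/wpad.dat (запрос файла wpad.dat характерен для механизма автоматического обнаружения прокси (WPAD) и сам по себе может быть не специфичен для этой программы)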
- DNS ASK www.ge###tes.com
- DNS ASK www.ga##nis.com
- DNS ASK wp#d
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Indicator' WindowName: ''