Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Security Center
- <LS_APPDATA>\ibf.exe -gav <Full path to the virus>
- %TEMP%\a61s7by515p5qm64775sbme76jiv871cs8o6
- %HOMEPATH%\Templates\a61s7by515p5qm64775sbme76jiv871cs8o6
- %ALLUSERSPROFILE%\Application Data\a61s7by515p5qm64775sbme76jiv871cs8o6
- <LS_APPDATA>\ibf.exe
- <LS_APPDATA>\a61s7by515p5qm64775sbme76jiv871cs8o6
- 'ci###avif.com':80
- ci###avif.com/1006000412
- DNS ASK ci###avif.com
- '<IP address on the local network>':1037