Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Security Center
- <LS_APPDATA>\auo.exe -gav <Full path to the virus>
- %TEMP%\2n1y57j66bhkr1psrt5x4b4hl58xa1106585eo
- %HOMEPATH%\Templates\2n1y57j66bhkr1psrt5x4b4hl58xa1106585eo
- %ALLUSERSPROFILE%\Application Data\2n1y57j66bhkr1psrt5x4b4hl58xa1106585eo
- <LS_APPDATA>\auo.exe
- <LS_APPDATA>\2n1y57j66bhkr1psrt5x4b4hl58xa1106585eo
- 'wi###iwaji.com':80
- wi###iwaji.com/1004000112
- DNS ASK wi###iwaji.com
- '<IP address on the local network>':1037