Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Security Center
- <LS_APPDATA>\ong.exe -gav <Full path to the virus>
- %TEMP%\771gtv70j732ia02n4ndh4c260368n13f8507
- %HOMEPATH%\Templates\771gtv70j732ia02n4ndh4c260368n13f8507
- %ALLUSERSPROFILE%\Application Data\771gtv70j732ia02n4ndh4c260368n13f8507
- <LS_APPDATA>\ong.exe
- <LS_APPDATA>\771gtv70j732ia02n4ndh4c260368n13f8507
- 'wi###iwaji.com':80
- 'ol##as.com':80
- wi###iwaji.com/1032000112
- ol##as.com/summer.htm
- DNS ASK wi###iwaji.com
- DNS ASK ol##as.com
- '<IP address on the local network>':1039