Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Security Center
- <LS_APPDATA>\qfp.exe -gav <Full path to the virus>
- %TEMP%\22cymu64u2s2y48
- %HOMEPATH%\Templates\22cymu64u2s2y48
- %ALLUSERSPROFILE%\Application Data\22cymu64u2s2y48
- <LS_APPDATA>\qfp.exe
- <LS_APPDATA>\22cymu64u2s2y48
- 'wi###iwaji.com':80
- 'se####faqago.com':80
- wi###iwaji.com/1016000612
- se####faqago.com/1016000612
- DNS ASK da###yzaky.com
- DNS ASK wi###iwaji.com
- DNS ASK lo###ymova.com
- DNS ASK se####faqago.com
- '<IP address on the local network>':1038