Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Security Center
- <LS_APPDATA>\bbe.exe -gav <Full path to the virus>
- %TEMP%\5q4u610880mhjy4p13q01l1t647
- %HOMEPATH%\Templates\5q4u610880mhjy4p13q01l1t647
- %ALLUSERSPROFILE%\Application Data\5q4u610880mhjy4p13q01l1t647
- <LS_APPDATA>\bbe.exe
- <LS_APPDATA>\5q4u610880mhjy4p13q01l1t647
- 'qa###oril.com':80
- 'en##st.com':80
- qa###oril.com/1003000412
- en##st.com/a/dock.htm
- DNS ASK qa###oril.com
- DNS ASK en##st.com
- '<IP address on the local network>':1038