Техническая информация
Запись в разделе автозапуска реестра (Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FEIQ' = '"<Полный путь к вирусу>" 1'
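Файлы и пути в файловой системе (какие из них создаются, а какие удаляются, в тексте не указано; два пути в %TEMP% перечислены дважды). Каталоги Crypto\RSA\MachineKeys и Microsoft\Protect\S-1-5-18 — системные хранилища ключей Windows (CryptoAPI и DPAPI); записи в них обычно появляются как побочный эффект использования криптографических функций, поэтому как индикаторы они малонадёжны:
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\e32e3e327870699cf9f0fa05f5580b4b_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- %PROGRAM_FILES%\feiq\FeiqCfg.xml
- %TEMP%\feiqaccessrst.txt
- %TEMP%\feiQ_Upgrade.html
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- %TEMP%\feiqwebaccess.html
- <SYSTEM32>\ImageOle.dll
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\ffabd7b6-d8b9-4fe5-900c-a3218e400ac1
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\878a52055b744265143c1df22399c4a9_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- %TEMP%\feiqaccessrst.txt
- %TEMP%\feiQ_Upgrade.html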
Сетевые узлы и порт (часть символов в именах, по-видимому, скрыта знаками #):
- 'lu######feiq.blog.sohu.com':80
- 'www.fe##18.com':80
- 'fe######ade.blog.sohu.com':80
Адреса ресурсов на этих узлах (судя по порту 80 — запросы HTTP; метод в тексте не указан):
- lu######feiq.blog.sohu.com/65220498.html
- www.fe##18.com/feiqaccessrst.html
- fe######ade.blog.sohu.com/76174739.html
- www.fe##18.com/feiQ_Upgrade.html
DNS-запросы:
- DNS ASK lu######feiq.blog.sohu.com
- DNS ASK www.fe##18.com
- DNS ASK fe######ade.blog.sohu.com
Обращения к порту 2425 (протокол в тексте не указан):
- '25#.#55.255.255':2425
- 'localhost':2425
Окна (класс и заголовок; действие над ними в тексте не указано):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'LICQ_CLASS' WindowName: ''