Техническая информация
- Автозапуск через реестр (ключ Run в HKLM, запуск при входе любого пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FEIQ' = '"<Полный путь к вирусу>" 1'
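- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\35f043cea01d91f51e04fec7a1dbf7d6_23ef5514-3059-436f-a4a7-4cefaab20eb1 (примечание: файлы в каталогах MachineKeys и Protect\S-1-5-18 создаёт сама Windows — подсистемы CryptoAPI и DPAPI; их имена, по-видимому, зависят от конкретной системы, поэтому для поиска заражения надёжнее пути с «feiq» и запись в ключе Run)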
- %PROGRAM_FILES%\feiq\FeiqCfg.xml
- %TEMP%\feiqaccessrst.txt
- %TEMP%\feiQ_Upgrade.html
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- %TEMP%\feiqwebaccess.html
- <SYSTEM32>\ImageOle.dll
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\35629e5a-d474-4eb3-a96c-902764e9b440
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\b78711714d1a835fec8f3cabd69d5f81_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\feiqaccessrst.txt
- %TEMP%\feiQ_Upgrade.html
- 'lu######feiq.blog.sohu.com':80
- 'www.fe##18.com':80
- 'fe######ade.blog.sohu.com':80
- lu######feiq.blog.sohu.com/65220498.html
- www.fe##18.com/feiqaccessrst.html
- fe######ade.blog.sohu.com/76174739.html
- www.fe##18.com/feiQ_Upgrade.html
- DNS-запрос: lu######feiq.blog.sohu.com
- DNS-запрос: www.fe##18.com
- DNS-запрос: fe######ade.blog.sohu.com
- '25#.#55.255.255':2425
- '<IP-адрес в локальной сети>':2425
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'LICQ_CLASS' WindowName: ''