Техническая информация
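- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FEIQ' = '"%TEMP%\IXP000.TMP\·ЙЗпFE~1.EXE" 1' (автозапуск при входе в систему; префикс имени файла «·ЙЗп» искажён кодировкой — байты B7 C9 C7 EF, по-видимому, соответствуют «飞秋» в GBK; то же имя файла повторяется ниже)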
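- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (стандартная запись очистки самораспаковывающегося пакета IExpress/wextract: удаляет временный каталог IXP000.TMP; сама по себе признаком вредоносности не является)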
- '%TEMP%\IXP000.TMP\·ЙЗпFE~1.EXE'
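- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\3aa82713-4186-47aa-9eaa-7152bc03a775
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\35f043cea01d91f51e04fec7a1dbf7d6_23ef5514-3059-436f-a4a7-4cefaab20eb1 (эта и две предыдущие записи, как и второй файл MachineKeys ниже, — служебные данные DPAPI и контейнеров ключей RSA; идентификаторы в именах формируются на конкретной машине, поэтому в качестве индикаторов компрометации для других систем они малопригодны)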
- %PROGRAM_FILES%\feiq\FeiqCfg.xml
- <SYSTEM32>\ImageOle.dll
- %TEMP%\IXP000.TMP\Rav.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\b78711714d1a835fec8f3cabd69d5f81_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\feiqwebaccess.html
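- 'localhost':2425
- '25#.#55.255.255':2425 (адрес частично замаскирован в источнике, протокол не указан; по шаблону похоже на широковещательный 255.255.255.255 — требует подтверждения. Порт 2425 — порт по умолчанию для LAN-мессенджеров, совместимых с IP Messenger, поэтому такой трафик сам по себе не отличает образец от легитимного клиента)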
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'LICQ_CLASS' WindowName: ''