Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'FEIQ' = '"<Full path to file>" 1'
- %WINDIR%\win.ini
- %WINDIR%\syswow64\imageole.dll
- %TEMP%\feiqwebaccess.html
- %PROGRAMDATA%\microsoft\crypto\rsa\machinekeys\7711f9c43176ea52b86f52a38013fdaf_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %ProgramFiles%\feiq\feiqcfg.xml
- %PROGRAMDATA%\microsoft\crypto\rsa\machinekeys\95584aed2525b14ccacb44240acfd834_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %TEMP%\feiq_upgrade.html
- http://fe######ade.blog.sohu.com/76174739.html
- http://www.jc###.com.cn/bbs/feigez.html
- http://www.jc###.com.cn/bbs/feigequanshu/1.html
- http://www.jc###.com.cn/feigeziplus.html
- DNS ASK fe######ade.blog.sohu.com
- DNS ASK jc###.com.cn
- '255.255.255.255':2425
- '<LOCALNET>.30.58':2425
- ClassName: 'LICQ_CLASS' WindowName: ''
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"