Malware Analysis Report

2025-01-03 09:31

Sample ID 240604-taygnaca9y
Target 2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar
SHA256 ba537d9a4ba0f5a69a9cb5932c0e077855176ad22ce88daabe6e6087bc22ea18
Tags
bootkit persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ba537d9a4ba0f5a69a9cb5932c0e077855176ad22ce88daabe6e6087bc22ea18

Threat Level: Shows suspicious behavior

The file 2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar was found to show suspicious behavior.

Malicious Activity Summary

bootkit persistence

Loads dropped DLL

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 15:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 15:51

Reported

2024-06-04 15:54

Platform

win7-20240508-en

Max time kernel

130s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\FEIQ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe 1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\feiq\zone\image\2f561b63b7d93a7f55573b99f212343b.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Db\info.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统主页模板1.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\edaa43447b5883a61f054bd27eceba18.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\f5eb33897069eafcefcf4896dc5db673.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\GifDll\ImageOle.dll C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zone.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\03c714fa9758d8e262c344786c436230.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\7f5f59a3a5dd55db4fabf72fdc045485.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Db\resumefile.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\resumefile.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\detect19203.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\winfo.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonetpl.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\722353e851c95d7ae608bd7ce5c75efc.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\detect17142.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\winfo.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zone.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\zonetpl.zip C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\c180d5c7b7d58181e6efbbee3d5127e0.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\info.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\detect12866.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统主页模板3.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板2.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\683a2bbbfa0a4e282bae11dc5eebf675.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\aebf40f73551de45476780ecf0ff3c20.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Tuiguang\data.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Db\winfo.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\01f31aed202f0b31ea2879550c239585.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统主页模板2.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonecache.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\AppBox\Logo\cfg.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\zonecache.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonetpl.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\1e84c1b9b4753b2876030181a74e3d0f.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\2c52d91c9521d197139e92cee16e8322.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Tuiguang\data.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\detect11795.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\860d4f7f6782285406a96c092b38805d.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Tuiguang\detect397.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\zone.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\34458eb1df38a60c2209182c43d1f5aa.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\info.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\AppBox\Logo\cfg.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\AppBox\detect221.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\5e96edd4516f348c2317af845112023e.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\6e7e18d4569bfe59210b2947105f05f0.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\2401c01dd3fdbe7d80f02b26d11d8f7f.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\6361c909a9c0ff4e0867d5fb6ae28914.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\resumefile.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\detect15153.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonecache.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板4.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\AppBox\Logo\cfg.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\0fa3ead2d292051eb73f200165ffd7c8.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\4f4a781db030ae8d5e84d4caf90f1747.png C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Tuiguang\data.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板1.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\02d8ba1bdac27d6f1d10c04bf89dab65.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\c1d0cd7d4d57a7cbe1ae8bc0f1c2fe27.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\FeiqCfg.xml C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板5.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板3.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\131f5b074d9f8bc6049cfde364530875.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBAFFFA3-8012-4E65-902C-9DF4360BFC3B}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0525C8BE-6CCA-4AF7-B72A-1D81756978F0}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe\"" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQData\CLSID\ = "{C4AB3843-3548-4e73-B99D-620DF075BB32}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C4AB3843-3548-4e73-B99D-620DF075BB32}\TypeLib C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator\CurVer\ = "ImageOle.GifAnimator.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\AppID = "{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQTools\CLSID\ = "{1129492B-BE39-4F68-9FB2-954A15642CE6}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C4AB3843-3548-4e73-B99D-620DF075BB32} C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5CAC5D2-0527-414b-979F-0FAA325646CC}\ = "ClientObjectsModule Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BE8BCAB3-73D7-4316-872E-2C776302ECD4}\VersionIndependentProgID\ = "FeiQ.FQRoot" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator.1\ = "GifAnimator Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator.1\CLSID\ = "{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0525C8BE-6CCA-4AF7-B72A-1D81756978F0}\VersionIndependentProgID\ = "FeiQ.Application" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8} C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddyCollection\CurVer\ = "FeiQ.FQBuddyCollection.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddy.1 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddy.1\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88118872-FA84-4324-BD58-8A804ABB339D} C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\ = "FQTools Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator.1 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}\1.0\ = "ImageOle 1.0 Type Library" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97819BF3-8E21-477c-9162-5AED70E4155A}\TypeLib\ = "{83863943-2942-4480-83CF-CE99E5655801}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C4AB3843-3548-4e73-B99D-620DF075BB32}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe\"" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQDataCollection\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B76352A6-61E3-481a-A219-9B50DAB47F80}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\ = "CFQUi Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\VersionIndependentProgID\ = "FeiQ.FQBuddyCollection" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\VersionIndependentProgID\ = "FeiQ.FQBuddy" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BE8BCAB3-73D7-4316-872E-2C776302ECD4}\ProgID\ = "FeiQ.FQRoot.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}\ = "IGifAnimator" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddy\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\ = "FQBuddy Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.Application\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\AppID = "{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.ClientObjectsModule\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}\ = "FEIQ" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddyCollection.1\ = "FQBuddyCollection Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBAFFFA3-8012-4E65-902C-9DF4360BFC3B}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B76352A6-61E3-481a-A219-9B50DAB47F80}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BE8BCAB3-73D7-4316-872E-2C776302ECD4}\AppID = "{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQMenu.1 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\Programmable C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\TypeLib\ = "{83863943-2942-4480-83CF-CE99E5655801}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQFolderBar\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B76352A6-61E3-481a-A219-9B50DAB47F80}\ProgID\ = "FeiQ.FQDataCollection.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6} C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BE8BCAB3-73D7-4316-872E-2C776302ECD4}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQCalendar\CurVer\ = "FeiQ.FQCalendar.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B76352A6-61E3-481a-A219-9B50DAB47F80}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe\"" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BE8BCAB3-73D7-4316-872E-2C776302ECD4}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQMenu C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBAFFFA3-8012-4E65-902C-9DF4360BFC3B} C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.ClientObjectsModule.1\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQRoot.1 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\AppID = "{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe"

Network

Country Destination Domain Proto
N/A 10.127.255.255:2425 udp
N/A 255.255.255.255:2425 udp
N/A 10.127.0.152:2425 udp
US 8.8.8.8:53 e.feiq18.com udp
CN 180.97.238.45:80 e.feiq18.com tcp
US 8.8.8.8:53 www.feiq18.com udp
CN 180.97.238.45:80 www.feiq18.com tcp
US 8.8.8.8:53 feiqupgrade.blog.sohu.com udp
CN 27.221.71.83:80 feiqupgrade.blog.sohu.com tcp

Files

memory/2344-0-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-1-0x0000000000400000-0x000000000157F000-memory.dmp

C:\Users\Admin\AppData\Roaming\feiq\feiq.ini

MD5 ad7812ebc6c6bf360977baac663a42f5
SHA1 72844f6c194ffbbc2fb254e76951fe2cd4e479a5
SHA256 a7b8987fdcc95136c90be17665bb4b21d07f0270a427592eea6f4fc63422d9df
SHA512 d5b4453e2df7121ade86df50e444abc27a9c4a9e72eaddf5f95c4befafe0e7829a0f63509c5cc7db7ba5e86e3efc85eac3b1da9c26499ad62362af6dff17c7e9

\Program Files\feiq\GifDll\ImageOle.dll

MD5 c653904916e99c2653bf3b339c734f05
SHA1 6cb3cde5b5f7ffd76b0de150feb15801f705dd57
SHA256 a11cd7f420a737e8127012c24dc3fbce1b2e6c6c3425f2028c6171a7e8eb7785
SHA512 d4aa6713140d2391ee56352dc350e892ffc905843e74f1cdc99b0ce1645ec1d1ba4e990a8ee847928aabd10de0488f035c5df5e005ec7048c4f07d88d9082e6b

memory/2344-17-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-18-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-78-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-82-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-86-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-90-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-94-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-99-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-102-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-106-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-107-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-131-0x0000000000400000-0x000000000157F000-memory.dmp

memory/2344-153-0x0000000000400000-0x000000000157F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 15:51

Reported

2024-06-04 15:54

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FEIQ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe 1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\feiq\Tuiguang\data.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\01f31aed202f0b31ea2879550c239585.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\1e84c1b9b4753b2876030181a74e3d0f.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Db\info.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\resumefile.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Tuiguang\data.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\0fa3ead2d292051eb73f200165ffd7c8.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\03c714fa9758d8e262c344786c436230.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Db\resumefile.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\f5eb33897069eafcefcf4896dc5db673.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\FeiqCfg.xml C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\AppBox\detect832.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板4.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\131f5b074d9f8bc6049cfde364530875.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\860d4f7f6782285406a96c092b38805d.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\detect14661.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\AppBox\Logo\cfg.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\AppBox\Logo\cfg.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonetpl.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板3.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\c1d0cd7d4d57a7cbe1ae8bc0f1c2fe27.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统主页模板2.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Tuiguang\data.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\GifDll\ImageOle.dll C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\AppBox\Logo\cfg.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonecache.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\resumefile.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonetpl.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\5e96edd4516f348c2317af845112023e.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\detect15875.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\c180d5c7b7d58181e6efbbee3d5127e0.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\detect11662.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zone.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统主页模板3.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板2.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\34458eb1df38a60c2209182c43d1f5aa.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\edaa43447b5883a61f054bd27eceba18.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\722353e851c95d7ae608bd7ce5c75efc.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Tuiguang\detect349.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\zonetpl.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\2401c01dd3fdbe7d80f02b26d11d8f7f.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\2c52d91c9521d197139e92cee16e8322.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\Db\winfo.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\winfo.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统主页模板1.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\6361c909a9c0ff4e0867d5fb6ae28914.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\info.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\detect15519.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zone.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\zonetpl.zip C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\zone\zonecache.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\683a2bbbfa0a4e282bae11dc5eebf675.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\6e7e18d4569bfe59210b2947105f05f0.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\aebf40f73551de45476780ecf0ff3c20.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\detect16601.txt C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\2f561b63b7d93a7f55573b99f212343b.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\4f4a781db030ae8d5e84d4caf90f1747.png C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\zone.db C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\02d8ba1bdac27d6f1d10c04bf89dab65.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\df453317c93f4df742d398436e1d5646.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\tplhtml\系统日志模板5.html C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File created C:\Program Files\feiq\zone\image\7f5f59a3a5dd55db4fabf72fdc045485.gif C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\info.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
File opened for modification C:\Program Files\feiq\Db\winfo.db-journal C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A5CAC5D2-0527-414b-979F-0FAA325646CC}\TypeLib\ = "{83863943-2942-4480-83CF-CE99E5655801}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\FEIQ.EXE C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\AppID = "{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88118872-FA84-4324-BD58-8A804ABB339D}\VersionIndependentProgID\ = "FeiQ.FQCalendar" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88118872-FA84-4324-BD58-8A804ABB339D}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQDataCollection.1\ = "FQDataCollection Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.ClientObjectsModule\ = "ClientObjectsModule Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A5CAC5D2-0527-414b-979F-0FAA325646CC}\ProgID\ = "FeiQ.ClientObjectsModule.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator.1\Insertable C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQRoot.1\ = "FQRoot Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQRoot\CurVer\ = "FeiQ.FQRoot.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\ProgID\ = "FeiQ.FQBuddyCollection.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\ProgID\ = "FeiQ.FQBuddy.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\TypeLib\ = "{710993A2-4F87-41D7-B6FE-F5A20368465F}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe\"" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQUi\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator\CurVer\ = "ImageOle.GifAnimator.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddyCollection.1\CLSID\ = "{39AF7A0C-F38A-420F-9611-6C848375977B}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQTools\ = "FQTools Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CBAFFFA3-8012-4E65-902C-9DF4360BFC3B}\ProgID\ = "FeiQ.FQFolderBar.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88118872-FA84-4324-BD58-8A804ABB339D}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQTools.1\CLSID\ = "{1129492B-BE39-4F68-9FB2-954A15642CE6}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQTools C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQDataCollection\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.ClientObjectsModule.1 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\Insertable C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQFolderBar.1\CLSID\ = "{CBAFFFA3-8012-4E65-902C-9DF4360BFC3B}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQFolderBar\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQCalendar\CLSID\ = "{88118872-FA84-4324-BD58-8A804ABB339D}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0525C8BE-6CCA-4AF7-B72A-1D81756978F0} C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQRoot\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddyCollection.1\ = "FQBuddyCollection Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0525C8BE-6CCA-4AF7-B72A-1D81756978F0}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQData\ = "FQData Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQData\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQUi C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\ProgID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\ = "FQTools Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.ClientObjectsModule\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\TypeLib C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}\ = "IGifAnimator" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQTools\CLSID\ = "{1129492B-BE39-4F68-9FB2-954A15642CE6}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0525C8BE-6CCA-4AF7-B72A-1D81756978F0}\ProgID\ = "FeiQ.Application.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQData.1\CLSID\ = "{C4AB3843-3548-4e73-B99D-620DF075BB32}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B76352A6-61E3-481a-A219-9B50DAB47F80}\TypeLib C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6620960-3908-4FE6-B347-9744EEF0ABE2}\ProgID\ = "FeiQ.FQUi.1" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageOle.GifAnimator.1\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\Control C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQData.1 C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQMenu\CLSID C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{97819BF3-8E21-477c-9162-5AED70E4155A}\TypeLib C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39AF7A0C-F38A-420F-9611-6C848375977B}\VersionIndependentProgID\ = "FeiQ.FQBuddyCollection" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddy.1\ = "FQBuddy Class" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.FQBuddy.1\CLSID\ = "{78669512-A747-4933-8DEC-6C1196599BFB}" C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\Programmable C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FeiQ.Application\CurVer C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe N/A
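Read together with the Run value earlier in this section, the registrations above point at one image: the Run value FEIQ restarts the sample from the user's Temp directory with the argument 1, and the LocalServer32 default value for CLSID {1129492B-BE39-4F68-9FB2-954A15642CE6} registers that same Temp path as an out-of-process COM server, next to the AppID FEIQ.EXE and the FeiQ.* ProgIDs. A launch point that resolves into a user-writable directory is worth flagging whatever the software calls itself. The script below is an added example, not code from the sandbox vendor or from the registered application: it parses rows in the format of these tables (the rows in ROWS are copied from this section) and flags Run-key and COM-server registrations whose executable sits under a user-writable path. The marker list USER_WRITABLE is an analyst heuristic, not something the report states.

```python
"""Pull persistence and COM-server registrations out of sandbox registry rows.

Added example. ROWS is copied from the report tables; USER_WRITABLE is an analyst heuristic."""
import re

# Row layout: <op> <key path>[ = "<escaped value>"] <process> <target>
ROW = re.compile(
    r'^(?P<op>Set value \(str\)|Key created)\s+'
    r'(?P<key>\\REGISTRY\\\S+?)'
    r'(?:\s+=\s+"(?P<val>.*)")?'
    r'\s+(?P<proc>\S+)\s+N/A$'
)
CLSID_KEY = re.compile(r'\\clsid\\(\{[0-9a-f-]{36}\})(?:\\([^\\]+))?$')
SERVER_LEAVES = ('localserver32', 'inprocserver32')
# Assumption: paths containing these markers are writable without administrator rights.
USER_WRITABLE = ('\\appdata\\', '\\users\\public\\', '\\programdata\\', '\\temp\\')

EXE = r'C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe'
ESC = EXE.replace('\\', '\\\\')   # the report doubles backslashes inside quoted values
ROWS = [  # copied from the behavioral2 tables
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FEIQ = "' + ESC + ' 1" ' + EXE + ' N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\FEIQ.EXE ' + EXE + ' N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78669512-A747-4933-8DEC-6C1196599BFB}\AppID = "{B6938C8A-42A7-40AE-A4A9-85EAC54FC8F8}" ' + EXE + ' N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\LocalServer32\ = "\"' + ESC + r'\"" ' + EXE + ' N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1129492B-BE39-4F68-9FB2-954A15642CE6}\ = "FQTools Class" ' + EXE + ' N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0525C8BE-6CCA-4AF7-B72A-1D81756978F0}\ProgID\ = "FeiQ.Application.1" ' + EXE + ' N/A',
]


def unescape(value: str) -> str:
    """Undo the report's backslash escaping inside quoted values."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_row(line: str):
    """Split one table row into op, subkey, value name, value and writing process."""
    m = ROW.match(line.strip())
    if not m:
        return None
    key, val = m.group('key'), m.group('val')
    if m.group('op') == 'Key created':
        subkey, name = key, None
    elif key.endswith('\\'):                  # trailing backslash = the key's (Default) value
        subkey, name = key[:-1], ''
    else:
        subkey, _, name = key.rpartition('\\')
    return {'op': m.group('op'), 'subkey': subkey, 'name': name,
            'value': None if val is None else unescape(val), 'process': m.group('proc')}


def executable_of(command: str) -> str:
    """First token of a command line, honouring a quoted image path."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(' ', 1)[0]


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(lines):
    """Return (findings, clsid_map): flagged launch points and the COM classes registered."""
    findings, clsids = [], {}
    for line in lines:
        row = parse_row(line)
        if row is None or row['op'] != 'Set value (str)':
            continue
        sub = row['subkey'].lower()
        if sub.endswith('\\currentversion\\run'):          # autostart entry
            exe = executable_of(row['value'])
            findings.append({'kind': 'run_key', 'name': row['name'], 'command': row['value'],
                             'executable': exe, 'user_writable': in_user_writable(exe)})
            continue
        m = CLSID_KEY.search(sub)
        if not m:
            continue
        clsid = m.group(1).upper()
        attr = (m.group(2) or row['name']).lower()       # subkey leaf, else value name
        entry = clsids.setdefault(clsid, {})
        if attr in SERVER_LEAVES:                          # where COM will launch/load the class from
            exe = executable_of(row['value'])
            entry[attr] = exe
            findings.append({'kind': 'com_server', 'clsid': clsid, 'server_key': attr,
                             'executable': exe, 'user_writable': in_user_writable(exe)})
        elif attr == '':
            entry['class_name'] = row['value']
        else:
            entry[attr] = row['value']
    return findings, clsids


if __name__ == '__main__':
    for finding in triage(ROWS)[0]:
        print(finding)
```

Feed it the whole table rather than the six rows here and `clsids` becomes a map from each CLSID to its class name, ProgID, AppID, TypeLib and server path, which is the quickest way to see that every LocalServer32 in this report points back at the sample itself.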

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_22b1b1b018a54a257e90e4c110252150_huhk_icedid_vidar.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
N/A 10.127.255.255:2425 N/A udp
N/A 255.255.255.255:2425 N/A udp
N/A 10.127.0.245:2425 N/A udp
US 8.8.8.8:53 e.feiq18.com udp
CN 180.97.238.45:80 e.feiq18.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 www.feiq18.com udp
CN 180.97.238.45:80 www.feiq18.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 feiqupgrade.blog.sohu.com udp
CN 112.84.131.219:80 feiqupgrade.blog.sohu.com tcp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
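Three kinds of traffic are mixed in this table: reverse lookups (in-addr.arpa) and Bing connections, UDP datagrams to port 2425 including the subnet broadcast 10.127.255.255 and the limited broadcast 255.255.255.255, and HTTP to feiq18.com and feiqupgrade.blog.sohu.com. UDP 2425 is the port of the IP Messenger LAN protocol that FeiQ implements, so the broadcast rows are LAN peer discovery rather than command-and-control. The script below is an added example, not from the sandbox vendor: it classifies the rows (copied from the table above) and extracts candidate indicators. Treating *.bing.com and *.bing.net as Windows background traffic is an analyst assumption encoded in BACKGROUND, not something the report states.

```python
"""Classify behavioral2 network rows into LAN-messenger discovery, background noise and candidate IOCs.

Added example. TABLE is copied from the report; BACKGROUND is an analyst assumption."""
from collections import Counter

IPMSG_PORT = 2425                          # IP Messenger protocol port, used by FeiQ
BACKGROUND = ('bing.com', 'bing.net')      # assumption: Windows 10 background traffic, not the sample

TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
N/A 10.127.255.255:2425 udp
N/A 255.255.255.255:2425 udp
N/A 10.127.0.245:2425 udp
US 8.8.8.8:53 e.feiq18.com udp
CN 180.97.238.45:80 e.feiq18.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 www.feiq18.com udp
CN 180.97.238.45:80 www.feiq18.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 feiqupgrade.blog.sohu.com udp
CN 112.84.131.219:80 feiqupgrade.blog.sohu.com tcp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
"""


def parse_row(line: str):
    """One table row -> dict; rows without a resolved name have only three columns."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        (country, dest, proto), domain = parts, None
    else:
        return None
    if country == 'Country' or domain == 'N/A':
        domain = None if country != 'Country' else domain
        if country == 'Country':
            return None                                # header line
    return {'country': country, 'dest': dest, 'domain': domain, 'proto': proto}


def split_dest(dest: str):
    ip, _, port = dest.rpartition(':')
    return ip, int(port)


def classify(row: dict) -> str:
    ip, port = split_dest(row['dest'])
    dom = row['domain']
    if port == IPMSG_PORT and row['proto'] == 'udp':
        # crude: a last octet of 255 is taken as broadcast (the subnet mask is not in the report)
        return 'lan_messenger_broadcast' if ip.endswith('.255') else 'lan_messenger_unicast'
    if dom is None:
        return 'unresolved'
    if dom.endswith('.in-addr.arpa'):
        return 'reverse_dns'
    if any(dom == b or dom.endswith('.' + b) for b in BACKGROUND):
        return 'os_background'
    return 'sample_attributed'


def summarize(table: str):
    """Return (category counts, IOC domains, (domain, endpoint, country) triples from TCP rows)."""
    counts, domains, endpoints = Counter(), set(), set()
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        cat = classify(row)
        counts[cat] += 1
        if cat == 'sample_attributed':
            domains.add(row['domain'])
            if row['proto'] == 'tcp':           # only a completed connection ties an IP to the name
                endpoints.add((row['domain'], row['dest'], row['country']))
    return counts, domains, endpoints


if __name__ == '__main__':
    counts, domains, endpoints = summarize(TABLE)
    print(dict(counts))
    print(sorted(domains))
    print(sorted(endpoints))
```

The candidate indicators that survive the filter are the two feiq18.com names on 180.97.238.45:80 and feiqupgrade.blog.sohu.com on 112.84.131.219:80, all plain HTTP; the reverse lookups are the sandbox's own resolution of the addresses it saw and carry no signal on their own.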

Files

memory/1272-0-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-1-0x0000000000400000-0x000000000157F000-memory.dmp

C:\Users\Admin\AppData\Roaming\feiq\feiq.ini

MD5 ad7812ebc6c6bf360977baac663a42f5
SHA1 72844f6c194ffbbc2fb254e76951fe2cd4e479a5
SHA256 a7b8987fdcc95136c90be17665bb4b21d07f0270a427592eea6f4fc63422d9df
SHA512 d5b4453e2df7121ade86df50e444abc27a9c4a9e72eaddf5f95c4befafe0e7829a0f63509c5cc7db7ba5e86e3efc85eac3b1da9c26499ad62362af6dff17c7e9

memory/1272-9-0x0000000000B7F000-0x0000000000B80000-memory.dmp

C:\Program Files\feiq\GifDll\ImageOle.dll

MD5 c653904916e99c2653bf3b339c734f05
SHA1 6cb3cde5b5f7ffd76b0de150feb15801f705dd57
SHA256 a11cd7f420a737e8127012c24dc3fbce1b2e6c6c3425f2028c6171a7e8eb7785
SHA512 d4aa6713140d2391ee56352dc350e892ffc905843e74f1cdc99b0ce1645ec1d1ba4e990a8ee847928aabd10de0488f035c5df5e005ec7048c4f07d88d9082e6b

memory/1272-18-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-19-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-75-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-103-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-138-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-146-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-148-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-149-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-150-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-153-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-154-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-155-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-156-0x0000000000400000-0x000000000157F000-memory.dmp

memory/1272-157-0x0000000000400000-0x000000000157F000-memory.dmp