Technical Information
- %WINDIR%\syswow64\mreadfeb.dll
- <Current directory>\fefsaf.bat
- 'google.com':80
- '255.255.255.255':80
- DNS ASK google.com
- DNS ASK go###e9953.cn
- '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\fefsaf.bat' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' <SYSTEM32>\MreadfeB.dll,Install
- '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\fefsaf.bat