Technical Information
- %WINDIR%\media\mpec.mbt
- %WINDIR%\media\rs1.exe
- 'rt###.qweaa.pl':80
- http://rt###.qweaa.pl/user1/yh.png
- http://rt###.qweaa.pl/user/f1.png
- DNS ASK rt###.qweaa.pl
- ClassName: 'CabinetWClass' WindowName: 'Õą̂µçÄÔ'
- ClassName: 'CabinetWClass' WindowName: '¼ÆËã»ú'
- ClassName: 'CabinetWClass' WindowName: '´ËµçÄÔ'
- '%WINDIR%\syswow64\cmd.exe' /c del <File name>.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <File name>.exe