Technical Information
- %WINDIR%\media\mpec.mbt
- C:\1.jpg
- %WINDIR%\media\rs1.exe
- 'rt###.qweaa.pl':80
- http://rt###.qweaa.pl/user1/yh.png
- http://rt###.qweaa.pl/user1/1.jpg
- http://rt###.qweaa.pl/user/f1.png
- DNS ASK rt###.qweaa.pl
- ClassName: 'CabinetWClass' WindowName: 'Õą̂µçÄÔ'
- ClassName: 'CabinetWClass' WindowName: '¼ÆËã»ú'
- ClassName: 'CabinetWClass' WindowName: '´ËµçÄÔ'
- '%WINDIR%\syswow64\cmd.exe' /c c:\1.jpg' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <File name>.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c c:\1.jpg
- '%WINDIR%\syswow64\cmd.exe' /c del <File name>.exe