Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im <File name>.exe
- %TEMP%\e_n4\krnln.fnr
- <Current directory>\1.exe.tmp
- %TEMP%\e_n4\crypto.dll
- %TEMP%\e_n4\shell.fne
- %TEMP%\e_n4\exmlparser.fne
- %TEMP%\e_n4\ethread.fne
- %TEMP%\e_n4\iconv.fne
- %TEMP%\e_n4\eapi.fne
- %TEMP%\e_n4\iext3.fne
- %TEMP%\e_n4\htmlview.fne
- %TEMP%\e_n4\xplib.fne
- %TEMP%\e_n4\internet.fne
- %TEMP%\e_n4\dp1.fne
- %TEMP%\e_n4\commobj.fne
- %TEMP%\e_n4\spec.fne
- %TEMP%\e_n4\iext.fnr
- <Current directory>\update.bat
- <Current directory>\peizhi.abc
- <Full path to file>
- http://39.##6.71.139/banlist.txt
- http://39.##6.71.139/models.exe
- http://39.##6.71.139/peizhi.zip
- ClassName: '' WindowName: ''
- '<Full path to file>'
- '%WINDIR%\syswow64\cmd.exe' /c update.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c update.bat
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 1