Technical Information
- %TEMP%\qie2016\22383.dll
- <Full path to file>
- from <Full path to file> to <Current directory>\csqeqe.temp
- 'ba##u.com':80
- 'yz##e.com':80
- 'yz##e.com':8080
- http://www.ba##u.com/
- http://www.yz##e.com/qegg/qegg.txt
- DNS ASK ba##u.com
- DNS ASK yz##e.com
- '%WINDIR%\syswow64\cmd.exe' /c del "<Current directory>\csqeqe.temp" (with hidden window)
- '%WINDIR%\syswow64\calc.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del "<Current directory>\csqeqe.temp"