Technical Information
- C:\ .bat
- '59####658.ys168.com':80
- '59#####58.ysepan.com':80
- http://59####658.ys168.com/
- http://59#####58.ysepan.com/
- DNS ASK 59####658.ys168.com
- DNS ASK 59#####58.ysepan.com
- '%WINDIR%\syswow64\cmd.exe' /c ""c:\ .bat""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""c:\ .bat""