Technical Information
- from <Full path to file> to %TEMP%\1156841\....\1156856
- 'ba##u.com':80
- 'bg#.#yserve.net':80
- http://bg#.#yserve.net/v1/appInit
- DNS ASK ba##u.com
- DNS ASK bg#.#yserve.net
- ClassName: '' WindowName: 'WinRAR.exe'
- ClassName: '' WindowName: '360zip.exe'
- ClassName: '' WindowName: 'HaoZip.exe'
- ClassName: '' WindowName: 'KuaiZip.exe'