Technical Information
- <Current directory>\update.tmp
- C:\delus.bat
- from <Current directory>\update.tmp to <Current directory>\ygdrcwnecg.exe
- 'bs###.king1.cc':80
- 'xz.#ing1.cc':80
- http://bs###.king1.cc/qy/config.txt
- http://xz.#ing1.cc/qy/main.exe
- DNS ASK bs###.king1.cc
- DNS ASK xz.#ing1.cc
- '%WINDIR%\syswow64\cmd.exe' /c C:\delus.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c C:\delus.bat