Technical Information
- %WINDIR%\syswow64\xfyspp.bat
- nul
- 'xz##n.cn':80
- DNS ASK xz##n.cn
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\xfyspp.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\xfyspp.bat
- '%WINDIR%\syswow64\ping.exe' -n 3 127.0.0.1