Technical Information
- C:\temp.ini
- %TEMP%\dr8036.dll
- %TEMP%\k13y8147h.exe
- %TEMP%\k13y8147h_k13y8147h.log
- 'no##.youdao.com':443
- '17#.#47.90.154':7521
- DNS ASK no##.youdao.com
- '%TEMP%\k13y8147h.exe'
- '%TEMP%\k13y8147h.exe' (with hidden window)
- '%WINDIR%\syswow64\net.exe' start UxSms (with hidden window)
- '%WINDIR%\syswow64\net.exe' start UxSms
- '%WINDIR%\syswow64\net1.exe' start UxSms