Technical Information
- C:\temp.ini
- %TEMP%\mxri4ii.dll
- %TEMP%\gdurru6uuaj2yen.exe
- http://no##.youdao.com/yws/public/resource/bbb262adc3ab893b19106d250d109260/xmlnote/B02FB75DDC9347D5B433DE9A551CFE70/183
- DNS ASK no##.youdao.com
- '%TEMP%\gdurru6uuaj2yen.exe'
- '%TEMP%\gdurru6uuaj2yen.exe' ' (with hidden window)