Technical Information
- %WINDIR%\syswow64\anti-·´¸½¼ó»·¾³.exe
- <Current directory>\extradll.dll
- from %WINDIR%\syswow64\anti-·´¸½¼ó»·¾³.exe to %TEMP%\894197\....\temporaryfile
- 'sm##.qq.com':25
- 'sm##.qq.com':25
- DNS ASK sm##.qq.com
- '%WINDIR%\syswow64\anti-·´¸½¼ó»·¾³.exe' 924
- '%WINDIR%\syswow64\anti-·´¸½¼ó»·¾³.exe' 924' (with hidden window)