Technical Information
- '' (downloaded from the Internet)
- <SYSTEM32>\winlogon.exe
- %TEMP%\mxz32.exe
- <SYSTEM32>\soaction64.dll
- <SYSTEM32>\insvc32.exe
- %WINDIR%\syswow64\insvc32.exe
- %WINDIR%\syswow64\maxsvc32.dll
- %TEMP%\update64.exe
- <SYSTEM32>\soaction64.dll
- <SYSTEM32>\insvc32.exe
- %WINDIR%\syswow64\insvc32.exe
- %WINDIR%\syswow64\maxsvc32.dll
- 'co###612.com':80
- http://co###612.com/0109b3/aa.dat
- DNS ASK co###612.com
- '%TEMP%\mxz32.exe'
- '%TEMP%\mxz32.exe' (with hidden window)