Technical Information
- <SYSTEM32>\svchost.exe
- ³â17°±.exe
- %TEMP%\dataa\³â17°±.exe
- %TEMP%\ðá16¹·aa.dll
- %TEMP%\ðá16¹·aa.dll
- %TEMP%\dataa\³â17°±.exe
- from %TEMP%\ðá16¹·aa.dll to %TEMP%\1270667\...\temporaryfile
- DNS ASK c1.#yyz.com
- '%TEMP%\dataa\³â17°±.exe'
- '<SYSTEM32>\svchost.exe'