Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'mxc' = '%LOCALAPPDATA%\Temp/10188b.tmp.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\mxc.lnk
- %TEMP%\10188b.tmp.exe
- %TEMP%\mxc.txt
- %TEMP%\sqlite3.dll
- '43.##5.158.200':2780
- '%TEMP%\10188b.tmp.exe'
- '%TEMP%\10188b.tmp.exe' ' (with hidden window)