Technical Information
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\wf1fc.tmp
- %TEMP%\6e11bf.tmp
- %TEMP%\wf1fc.tmp
- %TEMP%\6e11bf.tmp
- '18#.#0.161.72':443
- '%WINDIR%\syswow64\svchost.exe' "<Full path to file>"
- '%WINDIR%\syswow64\whoami.exe' /all
- '%WINDIR%\syswow64\net.exe' view