Technical Information
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\fb347.tmp
- %TEMP%\xb54d.tmp
- %TEMP%\fb347.tmp
- %TEMP%\xb54d.tmp
- '46.##5.131.88':443
- '%WINDIR%\syswow64\svchost.exe' "<Full path to file>"
- '%WINDIR%\syswow64\whoami.exe' /all
- '%WINDIR%\syswow64\net.exe' view