Technical Information
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\hktc502.tmp
- %TEMP%\jc8be.tmp
- %TEMP%\hktc502.tmp
- %TEMP%\jc8be.tmp
- '10#.#36.24.85':443
- '%WINDIR%\syswow64\svchost.exe' "<Full path to file>"
- '%WINDIR%\syswow64\whoami.exe' /all
- '%WINDIR%\syswow64\net.exe' view