Technical Information
- '' (downloaded from the Internet)
- '%HOMEPATH%\documents\todxofs.exe'
- <SYSTEM32>\wermgr.exe
- %HOMEPATH%\documents\todxofs.exe
- %TEMP%\log5a47.tmp
- %TEMP%\log5a47.tmp
- '51.##.112.144':443
- '5.#.81.68':443
- 'po##.works':443
- DNS ASK po##.works
- '%HOMEPATH%\documents\todxofs.exe' ' (with hidden window)
- '<SYSTEM32>\wermgr.exe' ' (with hidden window)
- '<SYSTEM32>\wermgr.exe'