Technical Information
- %WINDIR%\syswow64\svchost.exe
- %PROGRAMDATA%\a3fa35ee.exe
- %APPDATA%\exa8775.tmp.bat
- '%WINDIR%\syswow64\svchost.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\exa8775.tmp.bat" "<Full path to file>"" (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\exa8775.tmp.bat" "<Full path to file>""