Technical Information
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\6c97.tmp
- %TEMP%\787a.tmp.bat
- DNS ASK we####8.rutentw.com
- '%WINDIR%\syswow64\svchost.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\787A.tmp.bat" "' (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\787A.tmp.bat" "