Technical Information
- %WINDIR%\syswow64\notepad.exe
- '11#.#3.44.15':10000
- '%WINDIR%\syswow64\notepad.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c whoami /groups (with hidden window)
- '%WINDIR%\syswow64\notepad.exe'
- '%WINDIR%\syswow64\cmd.exe' /c whoami /groups
- '%WINDIR%\syswow64\whoami.exe' /groups