Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\setup.js
- <SYSTEM32>\tasks\anydesk
- %TEMP%\setup.js
- %TEMP%\setup.msi
- %APPDATA%\setup.js
- 'sp####v.linkpc.net':8088
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK sp####v.linkpc.net
- DNS ASK microsoft.com
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\setup.js"
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 30 /tn anydesk /tr "%APPDATA%\setup.js' (with hidden window)
- '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\setup.msi"
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 30 /tn anydesk /tr "%APPDATA%\setup.js