Technical Information
- <SYSTEM32>\tasks\defaults\azuresdkservice_user
- %TEMP%\costura\d8b305ce0811381ebbc8a7071fe52cb1\costura.dll
- %TEMP%\costura\d8b305ce0811381ebbc8a7071fe52cb1\datalaunch.dll
- %TEMP%\costura\d8b305ce0811381ebbc8a7071fe52cb1\datalaunch.pdb
- %TEMP%\costura\d8b305ce0811381ebbc8a7071fe52cb1\qrcoder.dll
- %TEMP%\netplatform\windowslauncher.exe
- 'do##kan.ru':80
- http://do##kan.ru/dataCenter
- DNS ASK do##kan.ru
- '%TEMP%\netplatform\windowslauncher.exe'
- '%TEMP%\netplatform\windowslauncher.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn \Defaults\AzureSDKService_user /tr "%TEMP%\NetPlatform\WindowsLauncher.exe" /st 17:28 /du 9999:59 /sc daily /ri 1 /f
- '<SYSTEM32>\schtasks.exe' /create /tn \Defaults\AzureSDKService_user /tr "%TEMP%\NetPlatform\WindowsLauncher.exe" /st 17:28 /du 9999:59 /sc daily /ri 1 /f
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "<Full path to file>"
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 3
- '<SYSTEM32>\taskeng.exe' {082C111A-DEA8-411B-921C-5D4273768667} S-1-5-21-3150914307-1777937420-491476919-1000:mjwmnryk\user:Interactive:[1]