Technical Information
- <SYSTEM32>\tasks\defaults\azuresdkservice_user
- %TEMP%\costura\9a119cd1befab3010382a54c3361e11c\antlr3.runtime.dll
- %TEMP%\costura\9a119cd1befab3010382a54c3361e11c\antlr3.runtime.pdb
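- %TEMP%\costura\9a119cd1befab3010382a54c3361e11c\costura.dll (Costura is a legitimate .NET packaging add-in that unpacks embedded assemblies into this folder, so a %TEMP%\costura path alone is a weak indicator; match on the file names and the surrounding behaviour as well)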
- %TEMP%\costura\9a119cd1befab3010382a54c3361e11c\datalaunch.dll
- %TEMP%\costura\9a119cd1befab3010382a54c3361e11c\datalaunch.pdb
- %TEMP%\netplatform\windowslauncher.exe
- 'do##kan.ru':80
- http://do##kan.ru/dataCenter
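- DNS ASK do##kan.ru (DNS query; the `##` appears to be masking applied by the report's publisher, so the string as printed cannot be matched directly against DNS or proxy logs)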
- '%TEMP%\netplatform\windowslauncher.exe'
- '%TEMP%\netplatform\windowslauncher.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn \Defaults\AzureSDKService_user /tr "%TEMP%\NetPlatform\WindowsLauncher.exe" /st 15:35 /du 9999:59 /sc daily /ri 1 /f
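- '<SYSTEM32>\schtasks.exe' /create /tn \Defaults\AzureSDKService_user /tr "%TEMP%\NetPlatform\WindowsLauncher.exe" /st 15:35 /du 9999:59 /sc daily /ri 1 /f (persistence: creates or, because of /f, overwrites the scheduled task \Defaults\AzureSDKService_user, which starts daily at 15:35 and repeats every minute (/ri 1) for the /du duration, relaunching the executable dropped in %TEMP%; a scheduled task whose action points into %TEMP% is a useful detection pivot)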
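- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "<Full path to file>" (self-deletion: choice is used as a three-second delay via its default-answer timeout, after which the file at the given path, presumably the original sample, is deleted)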
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 3
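- '<SYSTEM32>\taskeng.exe' {B7741F58-8A83-4BC0-B16D-4227F3BCB54E} S-1-5-21-1238866942-1249195528-555854008-1000:doecvjwyz\user:Interactive:[1] (Task Scheduler engine process; the GUID, SID and `doecvjwyz\user` account appear to belong to the analysis machine and should not be treated as indicators of the sample)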