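Technical Information
Note: "Assisant" is the spelling the sample itself uses in its file and task names, so indicators should be matched on that exact string rather than on "Assistant". The "#" characters in the network indicators are not literal; they appear to be masked characters in the published address and host name. The entries below cover files written, network endpoints contacted and command lines executed, including a scheduled task created with /sc ONLOGON so that the executable is started again at each logon.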
- <SYSTEM32>\tasks\microsoft assisant
- %ALLUSERSPROFILE%\microsoft\microsoftassisant.exe
- %LOCALAPPDATA%\microsoft\clr_v4.0_32\usagelogs\<File name>.exe.log
- %LOCALAPPDATA%\microsoft\clr_v4.0_32\usagelogs\microsoftassisant.exe.log
- %ALLUSERSPROFILE%\microsoft\microsoftassisant.exe
- '77.#3.134.3':8080
- 'ip##o.is':80
- http://ip##o.is/
- DNS ASK ip##o.is
- '%ALLUSERSPROFILE%\microsoft\microsoftassisant.exe'
- '%WINDIR%\syswow64\cmd.exe' /C schtasks /create /TN "Microsoft Assisant" /TR "%ALLUSERSPROFILE%\Microsoft\MicrosoftAssisant.exe" /sc ONLOGON
- '%WINDIR%\syswow64\schtasks.exe' /create /TN "Microsoft Assisant" /TR "%ALLUSERSPROFILE%\Microsoft\MicrosoftAssisant.exe" /sc ONLOGON
- '%WINDIR%\syswow64\explorer.exe' %ALLUSERSPROFILE%\Microsoft\MicrosoftAssisant.exe
- '%WINDIR%\syswow64\cmd.exe' /C schtasks /create /TN "Microsoft Assisant" /TR "%ALLUSERSPROFILE%\Microsoft\MicrosoftAssisant.exe" /sc ONLOGON (with hidden window)
- '%WINDIR%\syswow64\explorer.exe' %ALLUSERSPROFILE%\Microsoft\MicrosoftAssisant.exe (with hidden window)
- '%ALLUSERSPROFILE%\microsoft\microsoftassisant.exe' (with hidden window)