Technical Information
- %ALLUSERSPROFILE%\microsoft arts\start\asjknl.vbs
- C:\users\public\microsoftasyncarts.ps1
- 'b2####pitality.com':443
- 'microsoft.com':80
- 'b2####pitality.com':443
- DNS ASK b2####pitality.com
- DNS ASK microsoft.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\MicrosoftAsyncArts.ps1
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\MicrosoftAsyncArts.ps1' (with hidden window)
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\Microsoft Arts\start\AsJKNL.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\MicrosoftAsyncArts.ps1
- '%WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe'