Technical Information
- <SYSTEM32>\tasks\mytask
- %WINDIR%\temp\conhos.exe
- '20#.#34.253.184':8888
- http://20#.###.253.184:8888/upsupx3.exe via 20#.#34.253.184
- '%WINDIR%\temp\conhos.exe'
- '<SYSTEM32>\cmd.exe' /c net1 user admina /ad
- '<SYSTEM32>\net1.exe' user admina /ad