Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
- unc\mrwsdyiuo*\mailslot\net\netlogon
- %TEMP%\rad35cf1.tmp
- 'ra#.####ubusercontent.com':443
- 'ap#.#pify.org':443
- 'microsoft.com':80
- 'gr###widow.top':443
- 'x1.#.lencr.org':80
- DNS ASK ra#.####ubusercontent.com
- DNS ASK ap#.#pify.org
- DNS ASK microsoft.com
- DNS ASK gr###widow.top
- DNS ASK x1.#.lencr.org
- '<SYSTEM32>\cmd.exe' /C net view > "%TEMP%\radD309C.tmp" (with hidden window)
- '<SYSTEM32>\cmd.exe' /C wmic computersystem get domain > "%TEMP%\rad35CF1.tmp" (with hidden window)
- '<SYSTEM32>\cmd.exe' /C net view > "%TEMP%\radD309C.tmp"
- '<SYSTEM32>\net.exe' view
- '<SYSTEM32>\cmd.exe' /C wmic computersystem get domain > "%TEMP%\rad35CF1.tmp"
- '<SYSTEM32>\wbem\wmic.exe' computersystem get domain