Technical Information
- <SYSTEM32>\tasks\microsoft\windows\pla\system\smbdiag
- <SYSTEM32>\tasks\microsoft\windows\user profile service\slmgr32
- <SYSTEM32>\slmgr32.vbs
- <SYSTEM32>\grouppolicy\machine\scripts\startup\smbdiag.vbs
- unc\unoobhf*\mailslot\net\netlogon
- '51.##.147.41':80
- http://v4.#dent.me/
- DNS ASK v4.#dent.me
- DNS ASK v6.#dent.me
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\grouppolicy\machine\scripts\startup\smbdiag.vbs"
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\grouppolicy\machine\scripts\startup\smbdiag.vbs" (with hidden window)