Technical Information
- %TEMP%\json2.js
- unc\pnwdlwhuj*\mailslot\net\netlogon
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://ip##fo.io/ip
- http://ip##fo.io/country
- DNS ASK ra#.####ubusercontent.com
- DNS ASK microsoft.com
- DNS ASK ip##fo.io
- '<SYSTEM32>\cmd.exe' /C net view > "%TEMP%\radC60CA.tmp"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C net view > "%TEMP%\radC60CA.tmp"
- '<SYSTEM32>\net.exe' view