Technical Information
- %TEMP%\intel\intel.exe.lnk
- %TEMP%\intel\intel.exe.jpg
- %TEMP%\tmp.exe
- %TEMP%\.exe
- from %TEMP%\intel\intel.exe.jpg to %TEMP%\intel\intel.exe
- from <Full path to file> to %TEMP%\melt.txt
- DNS ASK ip##pi.com
- DNS ASK fr###eoip.net
- DNS ASK ap#.#pify.org
- '%TEMP%\tmp.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ren "%temp%\intel\intel.exe.jpg" intel.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %temp%\intel\intel.exe:Zone.Identifier (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %temp%\intel\intel.exe:Zone.Identifier
- '%WINDIR%\syswow64\cmd.exe' /c ren "%temp%\intel\intel.exe.jpg" intel.exe