Technical Information
- '%APPDATA%\intelmanager.exe'
- '<SYSTEM32>\cmd.exe' /K "%APPDATA%\intelmanager.exe"
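- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "a1679a16-1bcb-4f6c-b7a5-2e15806552b0" /t REG_SZ /d "%APPDATA%\intelmanager.exe" & exit (adds a value under the machine-wide Run key so that %APPDATA%\intelmanager.exe is started at logon, i.e. autorun persistence; the GUID-style string is the value name)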
- intelmanager.exe
- %APPDATA%\Monitor\Screenshots\05-31-2017\2.11 AM (date- and time-stamped folder; the path suggests captured screenshots are stored here)
- %APPDATA%\intelmanager.exe
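- 'lk########dlqds.swadentheonlyone.pw':6600 (host and port; the run of '#' is presumably masking applied by the report, since '#' is not valid in a hostname, so the name cannot be matched as written — the swadentheonlyone.pw parent domain and port 6600 are the usable parts)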
- DNS ASK (DNS query) lk########dlqds.swadentheonlyone.pw
- ClassName: 'Shell_TrayWnd' WindowName: ''