Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SteamApps' = '%TEMP%\alxryhoc.mxus\SteamApps.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\StartUp.bat
- '' (downloaded from the Internet)
- %TEMP%\alxryhoc.mxus\SteamApps.exe
- 'bl#####packet.cba.pl':80
- 'wp#d':80
- http://www.bl#####packet.cba.pl/StartUp.bat via bl#####packet.cba.pl
- http://www.bl#####packet.cba.pl/SteamApps.exe via bl#####packet.cba.pl
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK www.bl#####packet.cba.pl
- DNS ASK wp#d
- '%TEMP%\alxryhoc.mxus\SteamApps.exe'
- '<SYSTEM32>\cmd.exe' /k cd %TEMP%\alxryhoc.mxus &start SteamApps.exe&exit