Technical Information
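Registry autorun values listed for the sample (Run and RunServices entries are launched automatically at system startup or user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Gigabyte' = '%WINDIR%\SYSTEM\Gigabyte.vbs'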
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Gigabyte' = '%WINDIR%\SYSTEM\Gigabyte.vbs'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Dead' = 'rundll32 keyboard,disable'
- Windows Task Manager (Taskmgr)
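File system paths listed for the sample (the original sub-section labels are not preserved here, which is likely why one path appears twice):
- %TEMP%\RarSFX0\Steam.vbs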
- %WINDIR%\system\Gigabyte.vbs
- %TEMP%\Steam.exe
- %TEMP%\Steam.bat
- %TEMP%\RarSFX0\Steam.vbs
Window class name / window title pairs listed for the sample:
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
Process command lines listed for the sample:
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\Steam.vbs"
- '%TEMP%\Steam.exe' -p12345 -d%HOMEPATH%\Local Settings\Temp
- '<SYSTEM32>\rundll32.exe' keyboard.exe, disable
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -Embedding
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Steam.bat" "