Technical Information
- [HKLM\SOFTWARE\Microsoft\windows\currentVersion\Run] 'AutoRun' = 'D:\daram.exe'
- '' (downloaded from the Internet)
- D:\daram.exe
- '10#.#3.110.177':9999
- http://10#.##.110.177:9999/daram.txt via 10#.#3.110.177
- ClassName: 'vguiPopupWindow' WindowName: '蒸汽平台'
- ClassName: 'vguiPopupWindow' WindowName: ''
- 'D:\daram.exe'
- '<SYSTEM32>\cmd.exe' /c del <Full path to file> >nul (with hidden window)
- '<SYSTEM32>\cmd.exe' /c del <Full path to file> >nul