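Technical Information
Note: the section labels of this report are missing from the listing, and '#' in the host names appears to stand for masked characters, so those names are partial and cannot be matched literally.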
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows System Audio Driver' = '"%WINDIR%\audio32hd.exe"' (autorun value: launches the file at each logon under a name that looks like an audio driver)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
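- hidden files (item label missing: the listing does not state what is done to hidden files)
- User Account Control (UAC) (item label missing: the listing does not state how UAC is affected)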
- '%APPDATA%\WUD32Host.exe'
- '%WINDIR%\audio32hd.exe'
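- '<SYSTEM32>\netsh.exe' Firewall set opmode disable (switches the Windows Firewall off, consistent with the 'EnableFirewall' = '00000000' registry value listed above)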
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- '99#####64.etherbyte.com':80
- '99###7064.us.to':80
- '99######4.servequake.com':80
- '99#######.servecounterstrike.com':80
- '99#####64.servepics.com':80
- '99#####64.shadir.com':80
- '99#####64.bounceme.net':80
- '99####064.noip.me':80
- '99####064.info.tm':80
- '99#####64.paulkelly.org':80
- '99####064.ddns.net':80
- '99####064.zapto.org':80
- '99####064.biz.tm':80
- '99#####64.servehttp.com':80
- '99####064.gotdns.ch':80
- '99#######.fulltimevillain.net':80
- '99####064.rltk.us':80
- '99####064.contem.bz':80
- '99######4.beerprojects.com':80
- '99#####64.fin-tech.com':80
- '99#######.fatesperfection.com':80
- '99####064.rltk.org':80
- '99#####64.becompany.org':80
- 'wp#d':80
- '99######4.candacechao.com':80
- '99#####64.dara-dal.net':80
- '99#####64.thegmc.com':80
- '99#####64.framed.net':80
- '99###7064.uk.to':80
- '99#######.computersforpeace.net':80
- '99#####64.xpresit.net':80
- '99######4.servehalflife.com':80
- '99######4.fintech-llc.com':80
- '99#######.trailsendfarms.com':80
- '99#######.#ernando-botero-sculpture.com':80
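- wp#d/wpad.dat (the wpad.dat path points to a Web Proxy Auto-Discovery request, which Windows can issue by itself; it may not originate from the sample)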
- 99#####64.etherbyte.com/
- 99###7064.us.to/
- 99######4.servequake.com/
- 99#######.servecounterstrike.com/
- 99#####64.servepics.com/
- 99#####64.shadir.com/
- 99#####64.bounceme.net/
- 99####064.noip.me/
- 99####064.info.tm/
- 99#####64.paulkelly.org/
- 99####064.ddns.net/
- 99####064.zapto.org/
- 99####064.biz.tm/
- 99#####64.servehttp.com/
- 99####064.gotdns.ch/
- 99#######.fulltimevillain.net/
- 99####064.rltk.us/
- 99####064.rltk.org/
- 99######4.beerprojects.com/
- 99#####64.thegmc.com/
- 99#######.fatesperfection.com/
- 99#####64.dara-dal.net/
- 99#####64.becompany.org/
- 99#####64.fin-tech.com/
- 99######4.candacechao.com/
- 99######4.fintech-llc.com/
- 99#####64.xpresit.net/
- 99#####64.framed.net/
- 99####064.contem.bz/
- 99#######.computersforpeace.net/
- 99#######.#ernando-botero-sculpture.com/
- 99######4.servehalflife.com/
- 99###7064.uk.to/
- 99#######.trailsendfarms.com/
- DNS ASK 99#######.servecounterstrike.com
- DNS ASK 99#####64.etherbyte.com
- DNS ASK 99####064.info.tm
- DNS ASK 99######4.servequake.com
- DNS ASK 99###7064.us.to
- DNS ASK 99#####64.servepics.com
- DNS ASK 99#####64.shadir.com
- DNS ASK 99#####64.bounceme.net
- DNS ASK 99####064.noip.me
- DNS ASK 99####064.biz.tm
- DNS ASK 99#####64.paulkelly.org
- DNS ASK 99#####64.drreading.us
- DNS ASK 99####064.zapto.org
- DNS ASK 99####064.ddns.net
- DNS ASK 99#####64.servehttp.com
- DNS ASK 99####064.gotdns.ch
- DNS ASK 99#######.fulltimevillain.net
- DNS ASK 99####064.rltk.us
- DNS ASK 99####064.rltk.org
- DNS ASK 99######4.beerprojects.com
- DNS ASK 99#####64.thegmc.com
- DNS ASK 99#######.fatesperfection.com
- DNS ASK 99#####64.fin-tech.com
- DNS ASK 99#####64.becompany.org
- DNS ASK wp#d
- DNS ASK 99######4.candacechao.com
- DNS ASK 99#####64.dara-dal.net
- DNS ASK 99#####64.xpresit.net
- DNS ASK 99#####64.framed.net
- DNS ASK 99####064.contem.bz
- DNS ASK 99#######.computersforpeace.net
- DNS ASK 99###7064.uk.to
- DNS ASK 99######4.servehalflife.com
- DNS ASK 99######4.fintech-llc.com
- DNS ASK 99#######.trailsendfarms.com
- DNS ASK 99#######.#ernando-botero-sculpture.com