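Technical Information
Note: the section headings of the original report are missing from this copy, so each entry's category has to be read from the entry itself. The '#' characters in hostnames appear to be the publisher's masking, so the hostnames below are not exact indicators as written.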
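- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows System Audio Driver' = '"%WINDIR%\audio32hd.exe"' (Run-key autostart entry: the value name imitates an audio driver, and the executable it points to is launched at each user logon)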
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (value 0: firewall exceptions are permitted)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (value 0: Windows Firewall is turned off for the standard profile)
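- hidden files (heading lost in this copy; presumably the sample changes whether Explorer displays hidden files)
- User Account Control (UAC) (heading lost in this copy; presumably the sample disables or otherwise tampers with UAC)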
- '%APPDATA%\WUD32Host.exe'
- '%WINDIR%\audio32hd.exe'
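- '<SYSTEM32>\netsh.exe' Firewall set opmode disable (command line that switches Windows Firewall off, consistent with the 'EnableFirewall' = '00000000' registry value listed above)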
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
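- '94#####76.serveblog.net':80 (host and port; this entry and many of the hostnames listed below are under dynamic-DNS provider domains)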
- '94####776.gotdns.ch':80
- '94####776.zapto.org':80
- '94####776.myvnc.com':80
- '94####776.hopto.org':80
- '94######6.servehalflife.com':80
- '94#######.serveminecraft.net':80
- '94######6.3utilities.com':80
- '94####776.myftp.biz':80
- '94#####76.bounceme.net':80
- '94###2776.info':80
- '58####367.ddns.net':80
- '94###2776.ru':80
- '94####776.sytes.net':80
- '94#####76.servegame.com':80
- '94######6.servequake.com':80
- '94####776.no-ip.biz':80
- '94#######.servecounterstrike.com':80
- '94#####76.serveftp.com':80
- '94#####76.servebeer.com':80
- '94###2776.com':80
- '94####776.myftp.org':80
- '94####776.ddns.net':80
- 'wp#d':80
- '94######6.redirectme.net':80
- '94####776.no-ip.org':80
- '94#####76.ddnsking.com':80
- '94###2776.biz':80
- '94#####76.servehttp.com':80
- '94#####76.servepics.com':80
- '94###2776.net':80
- '94#####76.no-ip.info':80
- '94####776.noip.me':80
- '94#####76.servemp3.com':80
- '94####776.webhop.me':80
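- wp#d/wpad.dat (wpad.dat is the Web Proxy Auto-Discovery configuration file; this request was probably generated by Windows proxy auto-detection on the analysis host rather than by the sample itself)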
- 94#####76.serveblog.net/
- 94####776.gotdns.ch/
- 94####776.zapto.org/
- 94####776.myvnc.com/
- 94####776.hopto.org/
- 94######6.servehalflife.com/
- 94#######.serveminecraft.net/
- 94######6.3utilities.com/
- 94####776.myftp.biz/
- 94#####76.bounceme.net/
- 94###2776.info/
- 58####367.ddns.net/
- 94###2776.ru/
- 94####776.sytes.net/
- 94#####76.servegame.com/
- 94######6.servequake.com/
- 94####776.no-ip.biz/
- 94####776.myftp.org/
- 94#####76.serveftp.com/
- 94#####76.ddnsking.com/
- 94###2776.com/
- 94####776.no-ip.org/
- 94####776.ddns.net/
- 94#####76.servebeer.com/
- 94######6.redirectme.net/
- 94####776.noip.me/
- 94###2776.net/
- 94###2776.biz/
- 94#######.servecounterstrike.com/
- 94#####76.servepics.com/
- 94####776.webhop.me/
- 94#####76.no-ip.info/
- 94#####76.servehttp.com/
- 94#####76.servemp3.com/
- DNS ASK 94####776.myvnc.com ("DNS ASK" marks a DNS query issued for the hostname that follows)
- DNS ASK 94#####76.serveblog.net
- DNS ASK 94####776.myftp.biz
- DNS ASK 94####776.zapto.org
- DNS ASK 94####776.gotdns.ch
- DNS ASK 94####776.hopto.org
- DNS ASK 94######6.servehalflife.com
- DNS ASK 94#######.serveminecraft.net
- DNS ASK 94######6.3utilities.com
- DNS ASK 94###2776.ru
- DNS ASK 94#####76.bounceme.net
- DNS ASK 58####367.no-ip.org
- DNS ASK 58####367.ddns.net
- DNS ASK 94###2776.info
- DNS ASK 94####776.sytes.net
- DNS ASK 94#####76.servegame.com
- DNS ASK 94######6.servequake.com
- DNS ASK 94####776.no-ip.biz
- DNS ASK 94####776.myftp.org
- DNS ASK 94#####76.serveftp.com
- DNS ASK 94#####76.ddnsking.com
- DNS ASK 94###2776.com
- DNS ASK 94#####76.servebeer.com
- DNS ASK 94####776.ddns.net
- DNS ASK wp#d
- DNS ASK 94######6.redirectme.net
- DNS ASK 94####776.no-ip.org
- DNS ASK 94###2776.net
- DNS ASK 94###2776.biz
- DNS ASK 94#######.servecounterstrike.com
- DNS ASK 94#####76.servepics.com
- DNS ASK 94#####76.servehttp.com
- DNS ASK 94#####76.no-ip.info
- DNS ASK 94####776.noip.me
- DNS ASK 94#####76.servemp3.com
- DNS ASK 94####776.webhop.me