Техническая информация
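- Изменения в реестре (значения 'load' и 'userinit' запускают указанные в них программы при входе пользователя в систему; в 'userinit' к штатному userinit.exe дописан посторонний файл):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '"<SYSTEM32>\WUDHost.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe, "%APPDATA%\audiohd.exe"'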
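- скрытых файлов (заголовок этого пункта в тексте утрачен; судя по командам attrib +S +H ниже, речь, вероятно, идёт о сокрытии файлов от пользователя)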
- '<SYSTEM32>\WUDHost.exe'
- '%APPDATA%\audiohd.exe'
- '<SYSTEM32>\attrib.exe' +S +H "<SYSTEM32>\WUDHost.exe"
- '<SYSTEM32>\attrib.exe' +S +H "%APPDATA%\audiohd.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\setattrib.bat""
- %TEMP%\setattrib.bat
- <SYSTEM32>\WUDHost.exe
- %APPDATA%\audiohd.exe
- <SYSTEM32>\WUDHost.exe
- %APPDATA%\audiohd.exe
- '18#.#90.98.178':80
- 'wp#d':80
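- wp#d/wpad.dat (запрос файла wpad.dat похож на штатное автообнаружение прокси в Windows, поэтому сам по себе может не быть специфичным индикатором; это стоит проверить на своей системе)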
- 18#.#90.98.178/wp/main.php
- DNS ASK wp#d