Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows System Audio Driver' = '"%WINDIR%\audio32hd.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- блокирует отображение скрытых файлов
- '%APPDATA%\WUD32Host.exe'
- '%WINDIR%\audio32hd.exe'
- '<SYSTEM32>\netsh.exe' Firewall set opmode disable
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- '46#####63.grupompr.com':80
- '46###8663.us.to':80
- '46#####63.wtf-no.com':80
- '46#####63.blizzie.net':80
- 'wp#d':80
- '46####663.getce.com':80
- '46######3.fintech-llc.com':80
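- wp#d/wpad.dat (по-видимому, запрос файла автонастройки прокси WPAD; обычно его порождает системное автоопределение прокси, поэтому сам по себе он не является надёжным индикатором заражения)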
- 46#####63.grupompr.com/
- 46###8663.us.to/
- 46#####63.wtf-no.com/
- 46####663.getce.com/
- 46######3.fintech-llc.com/
- 46#####63.blizzie.net/
- DNS ASK 46#####63.blizzie.net
- DNS ASK 46#####63.igliss.com
- DNS ASK 46#####63.grupompr.com
- DNS ASK 46#####63.wtf-no.com
- DNS ASK 46###8663.us.to
- DNS ASK 46#####63.xpresit.net
- DNS ASK wp#d
- DNS ASK 46#######.asianfreshproduce.com
- DNS ASK 46######3.fintech-llc.com
- DNS ASK 46####663.getce.com
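- '23#.#55.255.250':1900 (порт 1900 — по-видимому, обнаружение UPnP-устройств по протоколу SSDP)
- '<IP-адрес в локальной сети>':5351 (порт 5351 — по-видимому, NAT-PMP, запрос проброса портов на шлюзе)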