Техническая информация
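Изменяет следующие значения реестра (оба значения, load и userinit, обрабатываются при входе пользователя в систему, то есть служат для автозапуска):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '"<SYSTEM32>\WUDHost.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe, "%APPDATA%\audiohd.exe"'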
- [начало пункта в исходном тексте утрачено] скрытых файлов
- '<SYSTEM32>\WUDHost.exe'
- '<SYSTEM32>\attrib.exe' +S +H "<SYSTEM32>\WUDHost.exe"
- '%APPDATA%\audiohd.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\setattrib.bat""
- '<SYSTEM32>\attrib.exe' +S +H "%APPDATA%\audiohd.exe"
- %TEMP%\setattrib.bat
- <SYSTEM32>\WUDHost.exe
- %APPDATA%\audiohd.exe
- <SYSTEM32>\WUDHost.exe
- %APPDATA%\audiohd.exe
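Сетевая активность (символ «#» в адресах и именах, по-видимому, является маскировкой, применённой в отчёте; в таком виде эти индикаторы нельзя напрямую использовать для поиска или блокировки):
- '18#.#90.98.178':80
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://18#.#90.98.178/wp/main.php
- DNS ASK wp#d
Запросы к wp#d и wpad.dat, по-видимому, относятся к автоматическому обнаружению прокси (WPAD) и могут быть фоновой активностью системы, а не самой программы.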