Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Audio HD Driver' = '%TEMP%\AZNbbBfANwPn.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Audio HD Driver' = '%TEMP%\AZNbbBfANwPn.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '"<SYSTEM32>\audiohu.exe"'
- hidden files
- %TEMP%\aznbbbfanwpn.exe
- %APPDATA%\aznbbbfanwpn.exe
- %WINDIR%\syswow64\audiohu.exe
- %CommonProgramFiles(x86)%\wadhost.exe
- %TEMP%\aznbbbfanwpn.exe
- %APPDATA%\aznbbbfanwpn.exe
- %WINDIR%\syswow64\audiohu.exe
- %CommonProgramFiles(x86)%\wadhost.exe
- '13#7.kz':80
- http://13#7.kz/vsocks/gate.php
- DNS query: 13#7.kz
- '%WINDIR%\syswow64\audiohu.exe'
- '%CommonProgramFiles(x86)%\wadhost.exe'
- '%WINDIR%\syswow64\audiohu.exe' (with hidden window)
- '%CommonProgramFiles(x86)%\wadhost.exe' (with hidden window)