Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'b6a964f7ca978e3d751c85545f1c5112' = '"%APPDATA%\WUDHost.exe" ..' (Run-key autostart entry for the current user)
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'b6a964f7ca978e3d751c85545f1c5112' = '"%APPDATA%\WUDHost.exe" ..' (Run-key autostart entry for all users, in the 32-bit registry view)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\WUDHost.exe" "WUDHost.exe" ENABLE (adds WUDHost.exe to the Windows Firewall allowed-programs list)
- %APPDATA%\wudhost.exe
- %TEMP%\tmp37b7.tmp.bat
- %TEMP%\tmpba55.tmp.bat
- %TEMP%\tmpcad1.tmp.bat
- %TEMP%\tmpf146.tmp.bat
- %TEMP%\tmpf2fc.tmp.bat
- 'aa#####ous123.ddns.net':1177
- DNS ASK aa#####ous123.ddns.net
- '%APPDATA%\wudhost.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\WUDHost.exe" "WUDHost.exe" ENABLE (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmp37B7.tmp.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmpBA55.tmp.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmpCAD1.tmp.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmpF146.tmp.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmpF2FC.tmp.bat" "