Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Naeron Injector' = '"<SYSTEM32>\Injector.exe"'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\WUDHost.exe
- hidden files
- Registry Editor (RegEdit)
- User Account Control (UAC)
- '%TEMP%\test.exe'
- '%TEMP%\test.exe' (downloaded from the Internet)
- <SYSTEM32>\Injector.exe
- %CommonProgramFiles%\WUDHost.exe
- %TEMP%\test.exe
- <Current directory>\workgroup
- %CommonProgramFiles%\WUDHost.exe
- <SYSTEM32>\Injector.exe
- 'ac###nia.net':80
- 'wp#d':80
- ac###nia.net/anatoxistest/panel/unser.exe
- wp#d/wpad.dat
- DNS ASK ac###nia.net
- DNS ASK wp#d