Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'zWDzORIciG' = 'C:\Users\Public\zWDzORIciG.vbs'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'net' = '<Full path to file>'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{058XYK3B-61OR-HB8Q-XA23-8U26488DY135}] 'StubPath' = '"<Full path to file>"'
- %HOMEPATH%\audiosrvpolicymanager\securekernel.bat
- '18#.#44.31.144':26646
- DNS ASK wp#d