Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Audio HD Driver' = '%TEMP%\Install.exe'
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- hidden files
- %TEMP%\install.exe
- %TEMP%\install.exe
- DNS ASK yo##.#erveftp.com
- '<SYSTEM32>\netsh.exe' Advfirewall set Currentprofile State off