Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows HD Audio' = '"<SYSTEM32>\hdaudio.exe"'
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\autorun.exe
- hidden files
- %WINDIR%\syswow64\hdaudio.exe
- %CommonProgramFiles(x86)%\dvdaudio.exe
- %WINDIR%\syswow64\hdaudio.exe
- %CommonProgramFiles(x86)%\dvdaudio.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\autorun.exe
- DNS ASK pp#.##hidden.net
- '%WINDIR%\syswow64\hdaudio.exe'
- '%CommonProgramFiles(x86)%\dvdaudio.exe'
- '%WINDIR%\syswow64\hdaudio.exe' ' (with hidden window)
- '%CommonProgramFiles(x86)%\dvdaudio.exe' ' (with hidden window)