Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'UDP Subsystem' = '%ProgramFiles(x86)%\UDP Subsystem\udpss.exe'
- %TEMP%\&startupname&.exe
- %TEMP%\tmp3565.tmp
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %ProgramFiles(x86)%\udp subsystem\udpss.exe
- %TEMP%\tmp3565.tmp
- 'ad#####mix.linkpc.net':1790
- '18#.#40.53.13':1790
- DNS ASK ad#####mix.linkpc.net
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\&startupname&" /XML "%TEMP%\tmp3565.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\&startupname&" /XML "%TEMP%\tmp3565.tmp"