Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%LOCALAPPDATA%\Pic1fPBkmq\LOHejsSdpL.exe" -s'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'UDP Subsystem' = '%ProgramFiles(x86)%\UDP Subsystem\udpss.exe'
- %TEMP%\5jpcu3dptu.exe
- %TEMP%\rnexelxyo2.exe
- %LOCALAPPDATA%\pic1fpbkmq\lohejssdpl.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %ProgramFiles(x86)%\udp subsystem\udpss.exe
- 'ri#####or.duckdns.org':1606
- DNS ASK ri#####or.duckdns.org
- '%TEMP%\5jpcu3dptu.exe'
- '%TEMP%\rnexelxyo2.exe'