Technical Information
- Autorun registry value (Run key, persistence at logon): [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'UDP Subsystem' = '%ProgramFiles(x86)%\UDP Subsystem\udpss.exe'
- Scheduled task definition file (task name 'win32'): <SYSTEM32>\tasks\win32
- %TEMP%\folder\fwin64.exe
- %TEMP%\7df5db21206d43c8a4b0d9567565de3c.xml
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %ProgramFiles(x86)%\udp subsystem\udpss.exe
- Network endpoint: 'ne####5.duckdns.org':9922
- Network endpoint: 'localhost':9922
- DNS query (ASK): ne####5.duckdns.org
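- Command line (registers the scheduled task 'win32' from the XML file in %TEMP%): '%WINDIR%\syswow64\cmd.exe' /c schtasks /Create /TN win32 /XML "%TEMP%\7df5db21206d43c8a4b0d9567565de3c.xml"
- Command line (same task registration, schtasks.exe invoked directly): '%WINDIR%\syswow64\schtasks.exe' /Create /TN win32 /XML "%TEMP%\7df5db21206d43c8a4b0d9567565de3c.xml"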