Техническая информация
Автозапуск — значение в ключе реестра Run (32-разрядное представление, Wow6432Node):
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'UDP Subsystem' = '%ProgramFiles(x86)%\UDP Subsystem\udpss.exe'
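Файлы заданий планировщика Windows (имена совпадают с заданиями, которые создаются командами schtasks в конце списка):
- <SYSTEM32>\tasks\udp subsystem
- <SYSTEM32>\tasks\udp subsystem task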
- local services.exe
- %APPDATA%\local services.exe
- %TEMP%\tmp4317.tmp.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %ProgramFiles(x86)%\udp subsystem\udpss.exe
- %TEMP%\tmp4dc5.tmp
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\task.dat
- %TEMP%\tmp51fc.tmp
- %TEMP%\tmp4dc5.tmp
- %TEMP%\tmp51fc.tmp
Сетевая активность (символы # — часть адреса и имени узла, скрытая в источнике):
- '5.##.120.177':54984
- DNS ASK se#####u.servehttp.com
- '%APPDATA%\local services.exe'
- '%TEMP%\tmp4317.tmp.exe'
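Создание заданий планировщика из XML-файлов во временном каталоге (признак для обнаружения: запуск schtasks.exe с параметрами /create и /xml, где путь к XML указывает на %TEMP%):
- '%WINDIR%\syswow64\schtasks.exe' /create /f /tn "UDP Subsystem" /xml "%TEMP%\tmp4DC5.tmp"
- '%WINDIR%\syswow64\schtasks.exe' /create /f /tn "UDP Subsystem Task" /xml "%TEMP%\tmp51FC.tmp"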