Technical Information
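- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'KjZqPEFyLf' = '%APPDATA%\EkQDXrDeAR\mYKCYxAkTw.exe' (per-user RunOnce autorun value: Windows runs the listed executable at the user's next logon and then removes the value; the value name and folder name look randomly generated, so they may differ between infections)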
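- <SYSTEM32>\tasks\udp subsystem (task definition file for the scheduled task "UDP Subsystem" that the schtasks.exe command at the end of this list registers)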
- %APPDATA%\ekqdxrdear\mykcyxaktw.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %TEMP%\tmp6805.tmp
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\task.dat
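- %TEMP%\tmp6805.tmp (listed a second time; the sub-headings that would distinguish the two entries, for example created versus deleted files, appear to be missing from this page)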
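- 'localhost':53896 (loopback endpoint, port 53896; this page does not state the protocol or whether the sample listens on or connects to it)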
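- '%WINDIR%\syswow64\schtasks.exe' /create /f /tn "UDP Subsystem" /xml "%TEMP%\tmp6805.tmp" (registers the scheduled task "UDP Subsystem" from the XML definition in %TEMP%\tmp6805.tmp; /f overwrites an existing task of that name without prompting. schtasks.exe creating a task from an XML file under %TEMP% is a useful process-creation detection signal)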