Technical Information
- <SYSTEM32>\tasks\updates\xshoeueia
- %APPDATA%\xshoeueia.exe
- %TEMP%\tmp62af.tmp
- %APPDATA%\remcos\logs.dat
- %APPDATA%\xshoeueia.exe
- %APPDATA%\remcos\logs.dat
- %TEMP%\tmp62af.tmp
- 'yo###.duckdns.org':1047
- DNS ASK yo###.duckdns.org
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\xSHoEueiA" /XML "%TEMP%\tmp62AF.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\xSHoEueiA" /XML "%TEMP%\tmp62AF.tmp"