Technical Information
- <SYSTEM32>\tasks\1xqcw8al
- %APPDATA%\s1qoakdo.tmp
- DNS ASK mb######gn65bx3g.hp8ewo.net
- DNS ASK mb######gn65bx3g.0ny42p.com
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "1XQCw8AL" /TR "<Full path to file>" /SC ONLOGON /RL HIGHEST /F (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "1XQCw8AL" /TR "<Full path to file>" /SC ONLOGON /RL HIGHEST /F