Technical Information
- %APPDATA%\gqteicgnow.exe
- %TEMP%\tmp1.tmp
- %APPDATA%\5f9fe710-99e6-4c04-be62-a7f1b8b321d1\run.dat
- %APPDATA%\gqteicgnow.exe
- %TEMP%\tmp1.tmp
- DNS query (ASK): sh#####hwish.ddns.net (hostname partially masked in this report)
- '<SYSTEM32>\schtasks.exe' /Create /TN "Updates\gQTeIcgnOW" /XML "%TEMP%\tmp1.tmp" (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN "Updates\gQTeIcgnOW" /XML "%TEMP%\tmp1.tmp"