Technical Information
- <SYSTEM32>\tasks\updates\ctylcqa
- %APPDATA%\ctylcqa.exe
- %TEMP%\tmp8cad.tmp
- %APPDATA%\ctylcqa.exe
- %TEMP%\tmp8cad.tmp
- 'kn####.#hedailyfigaopx.ml':2103
- DNS ASK kn####.#hedailyfigaopx.ml
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\cTYlcQA" /XML "%TEMP%\tmp8CAD.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\cTYlcQA" /XML "%TEMP%\tmp8CAD.tmp"