Technical Information
- <SYSTEM32>\tasks\updates\zrqlcbyzivxvj
- %APPDATA%\zrqlcbyzivxvj.exe
- %TEMP%\tmp6dca.tmp
- %APPDATA%\zrqlcbyzivxvj.exe
- %TEMP%\tmp6dca.tmp
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\zRQlcbYziVXVJ" /XML "%TEMP%\tmp6DCA.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\zRQlcbYziVXVJ" /XML "%TEMP%\tmp6DCA.tmp"