Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '<LS_APPDATA>\qbcre.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im explorer.exe
- %WINDIR%\Explorer.EXE
- <LS_APPDATA>\qbcre.exe
- 'ir#.##restnet.org':6667
- DNS ASK ir#.##restnet.org
- ClassName: '' WindowName: ''