Technical Information
- %ProgramFiles%\qtyejx\hsnrrf.rar
- %ProgramFiles%\qtyejx\hsnrrf.exe
- %ProgramFiles%\qtyejx\if
- %APPDATA%\%USERNAME%.XML
- %APPDATA%\%USERNAME%.XML
- 'localhost':1036
- '63.##3.38.114':80
- http://63.##3.38.114/info.php?id##
- '<SYSTEM32>\schtasks.exe' /delete /F /TN "66635F696A5E526754635F5B5666576641"
- '<SYSTEM32>\schtasks.exe' /Create /TN "66635F696A5E526754635F5B5666576641" /xml "%APPDATA%\%USERNAME%.XML"
- '<SYSTEM32>\cmd.exe' /c shutdown -s -f -t 30
- '<SYSTEM32>\shutdown.exe' -s -f -t 30