Technical Information
File system paths referenced:
- %ProgramFiles%\qtbqmy\ybjnxg.rar
- %ProgramFiles%\qtbqmy\ybjnxg.exe
- %ProgramFiles%\qtbqmy\if
- %APPDATA%\%USERNAME%.XML
- %APPDATA%\%USERNAME%.XML
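Network endpoints (the '#' characters appear to be masking applied by the report, not part of the real address or URL):
- 'localhost':1038
- '17#.#3.140.82':80
- http://17#.#3.140.82/info.php?id##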
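Process command lines (a scheduled task is deleted and created from the %APPDATA%\%USERNAME%.XML file, and a forced shutdown with a 30-second timer is issued):
- '<SYSTEM32>\schtasks.exe' /delete /F /TN "66635F696A5E526754635F5B5666576641"
- '<SYSTEM32>\schtasks.exe' /Create /TN "66635F696A5E526754635F5B5666576641" /xml "%APPDATA%\%USERNAME%.XML"
- '<SYSTEM32>\cmd.exe' /c shutdown -s -f -t 30
- '<SYSTEM32>\shutdown.exe' -s -f -t 30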