Technical Information
- %WINDIR%\tasks\qrxgm.job
- <SYSTEM32>\tasks\qrxgm
- %PROGRAMDATA%\bskdt\qrxgm.exe
- 'ba####opstars.space':4035
- DNS ASK ba####opstars.space
- '%PROGRAMDATA%\bskdt\qrxgm.exe' start
- '%PROGRAMDATA%\bskdt\qrxgm.exe' start' (with hidden window)