Technical Information
- %WINDIR%\tasks\qhkmdr.job
- <SYSTEM32>\tasks\qhkmdr
- %PROGRAMDATA%\novdj\qhkmdr.exe
- 'wi####tionsocks.com':4124
- DNS ASK wi####tionsocks.com
- '%PROGRAMDATA%\novdj\qhkmdr.exe' start
- '%PROGRAMDATA%\novdj\qhkmdr.exe' start (with hidden window)