Technical Information
- %WINDIR%\tasks\aoakug.job
- <SYSTEM32>\tasks\aoakug
- %PROGRAMDATA%\cgwo\aoakug.exe
- 'ba####opstars.space':4035
- 'ba####opstars.bar':4035
- 'ap#.#pify.org':443
- DNS ASK ba####opstars.space
- DNS ASK ba####opstars.bar
- DNS ASK ap#.#pify.org
- '%PROGRAMDATA%\cgwo\aoakug.exe' start
- '%PROGRAMDATA%\cgwo\aoakug.exe' start' (with hidden window)