Technical Information
- %WINDIR%\tasks\oaaq.job
- <SYSTEM32>\tasks\oaaq
- %ALLUSERSPROFILE%\ekdjpib\oaaq.exe
- '26###cgd.com':4039
- DNS ASK 26###cgd.com
- '%ALLUSERSPROFILE%\ekdjpib\oaaq.exe' start
- '%ALLUSERSPROFILE%\ekdjpib\oaaq.exe' start' (with hidden window)