Technical Information
- %WINDIR%\tasks\cejk.job
- <SYSTEM32>\tasks\cejk
- %ALLUSERSPROFILE%\iaqhxp\cejk.exe
- 'me###at128.com':4044
- DNS ASK sd###ert197.com
- DNS ASK me###at128.com
- '%ALLUSERSPROFILE%\iaqhxp\cejk.exe' start
- '%ALLUSERSPROFILE%\iaqhxp\cejk.exe' start' (with hidden window)