Technical Information
- %WINDIR%\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job
- <SYSTEM32>\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\] '1601' = '00000000'
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\s-1-5-18\d42cc0c3858a58db2db37658219e6400_d99ef00b-ccd3-4f1d-9980-90ac453b0b47
- %WINDIR%\vpibya.exe
- '%WINDIR%\vpibya.exe'