Technical Information
- %WINDIR%\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job
- <SYSTEM32>\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}
- %WINDIR%\msa.exe
- %WINDIR%\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job
- <SYSTEM32>\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}
- 'be##die.com':80
- http://be##die.com/ad_type.php
- DNS ASK me##ant.com
- DNS ASK be##die.com
- DNS ASK ga###how.com
- '%WINDIR%\msa.exe'