Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4ECYTQ9SIC' = '<Full path to file>'
- %WINDIR%\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job
- <SYSTEM32>\tasks\{22116563-108c-42c0-a7ce-60161b75e508}
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\] '1601' = '00000000'
- 'ge###urses.com':80
- '21#.#29.218.150':80
- http://ge###urses.com/borders.php
- DNS ASK ne##ux.com
- DNS ASK so###nic.com
- DNS ASK go##le.cl
- DNS ASK ge###urses.com
- DNS ASK ja###ertbb.com
- DNS ASK sa###chts.com
- DNS ASK pr###jer.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''