Technical Information
- %WINDIR%\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job
- <SYSTEM32>\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\] '1601' = '00000000'
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\s-1-5-18\d42cc0c3858a58db2db37658219e6400_d4602615-9d50-4880-be41-678935e93eaa
- %WINDIR%\sqajaa.exe
- %WINDIR%\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job
- <SYSTEM32>\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}
- 'pr##ca.com':80
- '62.#2.33.69':80
- http://pr##ca.com/ad_type.php?a=############################################################
- DNS ASK uo#.com.br
- DNS ASK im###shack.us
- DNS ASK pr##ca.com
- DNS ASK al###ome.com
- DNS ASK th###page.com
- ClassName: '1785557910' WindowName: '1551458293'
- '%WINDIR%\sqajaa.exe'