Technical Information
- %WINDIR%\tasks\pocketfinds.job
- [<HKLM>\System\CurrentControlSet\Services\Dreary Choir] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Dreary Choir] 'ImagePath' = '%APPDATA%\Dreary Choir\Dreary Choir.exe'
- %APPDATA%\dreary choir\dreary choir.exe
- %ALLUSERSPROFILE%\application data\{b87f75b1-6683-ff17-b87f-f75b1668d6c5}\<File name>.exe
- %APPDATA%\dreary choir\5bodv.dat
- %ALLUSERSPROFILE%\application data\{b87f75b1-6683-ff17-b87f-f75b1668d6c5}\<File name>.dat
- DNS ASK gr###model.biz
- DNS ASK al####el-pro.com
- DNS ASK mo###odel.biz
- DNS ASK pa###tmodel.biz
- '%APPDATA%\dreary choir\dreary choir.exe'