Technical Information
- %WINDIR%\tasks\savingsmania.job (Task Scheduler job file)
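- [<HKLM>\System\CurrentControlSet\Services\Disbelieving Wisdom] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\Disbelieving Wisdom] 'ImagePath' = '%APPDATA%\Disbelieving Wisdom\Disbelieving Wisdom.exe' (the service binary is located in the user-writable %APPDATA% directory)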
- %APPDATA%\disbelieving wisdom\disbelieving wisdom.exe
- %ALLUSERSPROFILE%\application data\{42ec4583-8b55-5a59-42ec-c45838b5160e}\<File name>.exe
- %APPDATA%\disbelieving wisdom\j8.dat
- %ALLUSERSPROFILE%\application data\{42ec4583-8b55-5a59-42ec-c45838b5160e}\<File name>.dat
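- DNS ASK ri###ynorth.biz (in the DNS entries of this list, '#' characters are masking placeholders, not part of the real domain names)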
- DNS ASK al####el-pro.com
- DNS ASK pa###tmodel.biz
- DNS ASK ge####ltiple.link
- '%APPDATA%\disbelieving wisdom\disbelieving wisdom.exe'