Technical Information
- %WINDIR%\tasks\dailfast.job (legacy-format Windows Task Scheduler job file)
- <SYSTEM32>\tasks\dailfast (Windows Task Scheduler task definition)
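- [<HKLM>\System\CurrentControlSet\Services\Startled Compassion] 'Start' = '00000002' (start type 2: the service is started automatically at system startup)
- [<HKLM>\System\CurrentControlSet\Services\Startled Compassion] 'ImagePath' = '%APPDATA%\Startled Compassion\Startled Compassion.exe' (the service binary is in a per-user %APPDATA% directory rather than a system directory)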
- 'Startled Compassion' %APPDATA%\Startled Compassion\Startled Compassion.exe
- %ALLUSERSPROFILE%\{6ec15cc7-301d-e118-6ec1-15cc7301731c}\<File name>.exe
- %ALLUSERSPROFILE%\{6ec15cc7-301d-e118-6ec1-15cc7301731c}\<File name>.dat
- %APPDATA%\startled compassion\startled compassion.exe
- %APPDATA%\startled compassion\5bodv.dat
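- 'fi####usapro.info':80 (connection to port 80; the '#' characters appear to be masking applied by the publisher, so the full host name is not given on this page)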
- http://fi####usapro.info/?q=#####################################################################################################################################################################...
- DNS ASK fi####usapro.info (DNS query for the same partially masked host name)
- '%APPDATA%\startled compassion\startled compassion.exe'