Technical Information
- %WINDIR%\tasks\perlhelper.job
- [<HKLM>\System\CurrentControlSet\Services\Guilty Village] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Guilty Village] 'ImagePath' = '%APPDATA%\Guilty Village\Guilty Village.exe'
- %APPDATA%\guilty village\guilty village.exe
- %ALLUSERSPROFILE%\application data\{4d32f39d-5e4f-a02c-4d32-2f39d5e4ce75}\<File name>.exe
- %APPDATA%\guilty village\jp3if.dat
- %ALLUSERSPROFILE%\application data\{4d32f39d-5e4f-a02c-4d32-2f39d5e4ce75}\<File name>.dat
- DNS ASK ge####ltiple.link
- DNS ASK al####el-pro.com
- DNS ASK gr###model.biz
- DNS ASK fu###et.info
- '%APPDATA%\guilty village\guilty village.exe'