Technical Information
- %WINDIR%\tasks\waterwell.job
- <SYSTEM32>\tasks\waterwell
- [<HKLM>\System\CurrentControlSet\Services\Clever Misery] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Clever Misery] 'ImagePath' = '%APPDATA%\Clever Misery\Clever Misery.exe'
- 'Clever Misery' %APPDATA%\Clever Misery\Clever Misery.exe
- %ALLUSERSPROFILE%\{0fda7ff9-171b-c2bb-0fda-a7ff9171ffe4}\<File name>.exe
- %ALLUSERSPROFILE%\{0fda7ff9-171b-c2bb-0fda-a7ff9171ffe4}\<File name>.dat
- %APPDATA%\clever misery\clever misery.exe
- %APPDATA%\clever misery\5bodv.dat
- 'ri###ynorth.biz':80
- 'fi####usapro.info':80
- 'mo###odel.biz':80
- DNS ASK ri###ynorth.biz
- DNS ASK al####el-pro.com
- DNS ASK fi####usapro.info
- DNS ASK mo###odel.biz
- '%APPDATA%\clever misery\clever misery.exe'