Technical Information
- %WINDIR%\tasks\easytools.job
- <SYSTEM32>\tasks\easytools
- [<HKLM>\System\CurrentControlSet\Services\Cautious Audience] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Cautious Audience] 'ImagePath' = '%APPDATA%\Cautious Audience\Cautious Audience.exe'
- 'Cautious Audience' %APPDATA%\Cautious Audience\Cautious Audience.exe
- %ALLUSERSPROFILE%\{731c03de-04bc-26b2-731c-c03de04b0f78}\<File name>.exe
- %ALLUSERSPROFILE%\{731c03de-04bc-26b2-731c-c03de04b0f78}\<File name>.dat
- %APPDATA%\cautious audience\cautious audience.exe
- %APPDATA%\cautious audience\5bodv.dat
- 'gr###model.biz':80
- 'pa###tmodel.biz':80
- http://pa###tmodel.biz/?q=#######################################################################################################################################################################...
- DNS ASK gr###model.biz
- DNS ASK pa###tmodel.biz
- '%APPDATA%\cautious audience\cautious audience.exe'