Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '<SYSTEM32>\Inssfgs\Sfgfsdr.rar'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '<SYSTEM32>\Inssfgs\Sfgfsdr.rar'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5K1U540A-X31E-28HD-DOY6-LC681IS65S1W}] 'StubPath' = '<SYSTEM32>\Inssfgs\Sfgfsdr.rar restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = 'C:\dnbqc\krcee.exe' (value recovered from single-byte text that had been rendered as UTF-16 characters)
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5K1U540A-X31E-28HD-DOY6-LC681IS65S1W}] 'StubPath' = '<SYSTEM32>\Inssfgs\Sfgfsdr.rar'
- %WINDIR%\syswow64\svchost.exe
- %WINDIR%\syswow64\inssfgs\sfgfsdr.rar
- 'localhost':81
- DNS ASK to####ozz.no-ip.org
- '%WINDIR%\syswow64\svchost.exe'