Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Nozosyba' = 'rundll32.exe %APPDATA%\Toif\watuzuva.dll,DllRegisterServer'
- %WINDIR%\win.ini
- %WINDIR%\syswow64\msiexec.exe
- %APPDATA%\toif\watuzuva.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- 'fd#####sfjdsdsjajjs.com':443
- DNS ASK fd#####sfjdsdsjajjs.com
- '%WINDIR%\syswow64\msiexec.exe'