Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '52923' = '%ProgramFiles%\locals~1\temp\mszisr.cmd'
- %WINDIR%\syswow64\svchost.exe
- %ProgramFiles%\locals~1\temp\mszisr.cmd
- '19#.#93.250.180':80
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'
- '%WINDIR%\syswow64\svchost.exe'