Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TaskSchedulers32' = '%LOCALAPPDATA%\taskschedule.exe'
- %WINDIR%\syswow64\explorer.exe
- %LOCALAPPDATA%\taskschedule.exe
- 'a.##mpy.se':80
- http://a.##mpy.se/ng.php
- DNS ASK a.##mpy.se
- '%WINDIR%\syswow64\explorer.exe'