Technical Information
- [HKLM\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '39961' = '%ProgramFiles%\locals~1\temp\msbmait.com'
- %WINDIR%\syswow64\svchost.exe
- %ProgramFiles%\locals~1\temp\msbmait.com
- 'lo####paerl.co.uk':80
- http://lo####paerl.co.uk/100new/image.php
- DNS ASK lo####paerl.co.uk
- '%WINDIR%\syswow64\svchost.exe'