Техническая информация
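Изменения в реестре, обеспечивающие автозапуск при входе пользователя в систему (оба значения указывают на один и тот же файл в профиле пользователя, а не в системном каталоге):
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{44DDC841-CB51-12CF-F2EC-FDAD00B6015B}] 'StubPath' = '%LOCALAPPDATA%\tskscheds.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'TaskSchedulers' = '%LOCALAPPDATA%\tskscheds.exe'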
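- %WINDIR%\syswow64\explorer.exe (штатный 32-разрядный Проводник Windows; сам по себе этот путь индикатором компрометации не является, а роль процесса на странице не указана)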
- %LOCALAPPDATA%\tskscheds.exe
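Сетевая активность (символы «##» в имени домена, по-видимому, маскируют его часть в исходном отчёте, поэтому в таком виде строки не подходят для точного сопоставления в правилах блокировки или поиска по журналам):
- 'g.##mpy.se':80
- http://g.##mpy.se/ng.php
- DNS ASK g.##mpy.se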
- '%WINDIR%\syswow64\explorer.exe'