Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Corporation' = '%APPDATA%\winservice.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Corporation' = '%APPDATA%\winservice.exe'
- %APPDATA%\microsoft\windows\templates\ymahylpocaumjgc.exe.exe
- %APPDATA%\winservice.exe
- %APPDATA%\winservice.exe
- DNS ASK 56#.#yndns.info
- '%APPDATA%\microsoft\windows\templates\ymahylpocaumjgc.exe.exe'
- '%APPDATA%\winservice.exe'
- '%APPDATA%\winservice.exe' ' (with hidden window)