Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Service' = '%WINDIR%\M-50505026528658042058626420\winsvc.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Service' = '%WINDIR%\M-50505026528658042058626420\winsvc.exe'
- %WINDIR%\m-50505026528658042058626420\winsvc.exe
- %WINDIR%\m-50505026528658042058626420\winsvc.exe
- 'mx####.##il.gm0.yahoodns.net':25
- '18#.#89.58.222':5050
- DNS ASK ao#.com
- DNS ASK mx####.##il.gm0.yahoodns.net
- '%WINDIR%\m-50505026528658042058626420\winsvc.exe'