Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'YIMNUB' = '"%APPDATA%\Windata\winlogonn.exe"'
- %APPDATA%\Windata\winlogonn.exe
- <Full path to file>
- 'do####33.mooo.com':4209
- 'ip###ore.com':80
- http://ip###ore.com/checkip/
- DNS ASK do####33.mooo.com
- DNS ASK ip###ore.com
- '<Full path to file>'