Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalplw] 'Start' = '00000002'
- <SYSTEM32>\System32.exe
- %PROGRAM_FILES%\ssmarque.scr /S
- <SYSTEM32>\System32.exe
- %PROGRAM_FILES%\ssmarque.scr
- 'xi####120.3322.org':4023
- DNS ASK xi####120.3322.org
- '<Private IP address>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''