Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\winxxxhijkl Nopqrstu Wxy] 'ImagePath' = '<Full path to file>'
- [<HKLM>\SYSTEM\ControlSet001\Services\winxxxhijkl Nopqrstu Wxy] 'Start' = '00000002'
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\xm[1].exe
- %WINDIR%\Help\Newra.exe
- 'localhost':1038
- '27.##5.79.239':8986
- 'localhost':1036
- '18#.#17.74.152':80
- http://18#.#17.74.152/xm.exe
- '<Full path to file>'