Technical Information
- [<HKLM>\System\CurrentControlSet\Services\winnsi] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\winnsi] 'ImagePath' = '"%WINDIR%\SysWOW64\winnsi\winnsi.exe"'
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\104[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\104[1]
- from <Full path to file> to %WINDIR%\syswow64\winnsi\winnsi.exe
- '20#.#26.237.113':80
- http://20#.#26.237.113/F2s6Wn/Id2OrYI/1QWdK3I/
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''