Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'CleanBrowser' = '%WINDIR%\Temp\9E45.tmp.exe /install'
- %WINDIR%\temp\9e45.tmp.exe
- http://li#####tscounter.com/SysInfo/cb6w.php?gu###################################
- DNS ASK ev####.datahouse-us.com
- DNS ASK li#####tscounter.com
- '%WINDIR%\syswow64\runonce.exe' /RunOnce6432