Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss' = '%WINDIR%\csrss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003'
- <LS_APPDATA>\n.ini
- %WINDIR%\csrss.exe
- %TEMP%\temp.bat
- 'localhost':5152
- '20#.#58.99.11':80
- ClassName: '106' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '%WINDIR%\csrss.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\temp.bat