Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss' = '%WINDIR%\csrss.exe'
- %WINDIR%\TouchlessLib.dll
- %WINDIR%\WebCamLib.dll
- %TEMP%\6053ebfe90521b0d28587ccbe8e085b0\4jksi\MS8xMC8yMDE4IDQ6NDE6MDYgQU0=
- %WINDIR%\csrss.exe
- %TEMP%\7ZipSfx.000\TouchlessLib.dll
- %TEMP%\7ZipSfx.000\WebCamLib.dll
- %TEMP%\7ZipSfx.000\csrss.exe
- 'li###noop.com':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK li###noop.com
- DNS ASK wp#d
- '%TEMP%\7ZipSfx.000\csrss.exe' 6053ebfe90521b0d28587ccbe8e085b0