Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss' = '%WINDIR%\csrss.exe'
- '%TEMP%\7ZipSfx.000\csrss.exe' 1443744f7055eea480bd565e28b6a3da
- %WINDIR%\csrss.exe
- %WINDIR%\TouchlessLib.dll
- %WINDIR%\WebCamLib.dll
- %TEMP%\7ZipSfx.000\TouchlessLib.dll
- %TEMP%\7ZipSfx.000\WebCamLib.dll
- %TEMP%\7ZipSfx.000\csrss.exe
- 'li###noop.com':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK li###noop.com
- DNS ASK wp#d