Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%ALLUSERSPROFILE%\Application Data\Windows\csrss.exe"'
- %TEMP%\6893a5~1\state.tmp
- %ALLUSERSPROFILE%\application data\windows\csrss.exe
- from %TEMP%\6893a5~1\state.tmp to %TEMP%\6893a5~1\state
- 'localhost':1036
- '19#.#3.244.244':443
- '15#.35.32.5':443