Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%PROGRAMDATA%\Windows\csrss.exe"'
- %PROGRAMDATA%\windows\csrss.exe
- %TEMP%\6893a5~1\state.tmp
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-certs.tmp
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-microdescs.new
- %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\state
- from %TEMP%\6893a5~1\state.tmp to %TEMP%\6893a5~1\state
- from %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp to %TEMP%\6893a5~1\unverified-microdesc-consensus
- from %TEMP%\6893a5~1\cached-certs.tmp to %TEMP%\6893a5~1\cached-certs
- from %TEMP%\6893a5~1\cached-microdesc-consensus.tmp to %TEMP%\6893a5~1\cached-microdesc-consensus
- %TEMP%\6893a5~1\state
- '12#.31.0.39':9101
- '86.#9.21.38':443
- '51.##8.99.32':443
- '17#.#.114.252':4080
- '71.##4.111.139':9001
- 'localhost':58314
- 'localhost':49181
- 'localhost':49182
- 'localhost':49183