Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Session Manager' = '"%ALLUSERSPROFILE%\Application Data\services\csrss.exe"'
- %TEMP%\9P2i8FeHvz\state.tmp
- %ALLUSERSPROFILE%\Application Data\services\csrss.exe
- %ALLUSERSPROFILE%\Application Data\services\csrss.exe
- %TEMP%\9P2i8FeHvz\state.tmp в %TEMP%\9P2i8FeHvz\state
- '17#.#5.193.9':80
- 'localhost':1038