Technical Information
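Autorun entry (registry Run key). The target is named after the Windows system process csrss.exe but is located outside %SystemRoot%\System32:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'CSRSS' = '"%ALLUSERSPROFILE%\Application Data\Drivers\csrss.exe"'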
- %ALLUSERSPROFILE%\application data\drivers\csrss.exe
- %TEMP%\4kpv6a~1\state.tmp
- %TEMP%\4kpv6a~1\unverified-microdesc-consensus.tmp
- %TEMP%\4kpv6a~1\cached-certs.tmp
- %TEMP%\4kpv6a~1\cached-microdesc-consensus.tmp
- %TEMP%\4kpv6a~1\cached-microdescs.new
- %ALLUSERSPROFILE%\application data\drivers\csrss.exe
- %TEMP%\4kpv6a~1\unverified-microdesc-consensus
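File renames (.tmp to final name). The resulting names (state, unverified-microdesc-consensus, cached-certs, cached-microdesc-consensus) match the files a Tor client keeps in its data directory:
- from %TEMP%\4kpv6a~1\state.tmp to %TEMP%\4kpv6a~1\state
- from %TEMP%\4kpv6a~1\unverified-microdesc-consensus.tmp to %TEMP%\4kpv6a~1\unverified-microdesc-consensus
- from %TEMP%\4kpv6a~1\cached-certs.tmp to %TEMP%\4kpv6a~1\cached-certs
- from %TEMP%\4kpv6a~1\cached-microdesc-consensus.tmp to %TEMP%\4kpv6a~1\cached-microdesc-consensus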
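Network endpoints (host:port). The '#' characters appear to be digits masked in the published report, so the addresses cannot be used as exact indicators as written; 9001 is the conventional Tor relay port:
- 'localhost':1036
- '86.#9.21.38':443
- '19#.#3.244.244':443
- '82.##7.218.97':9001
- '10#.#0.100.17':443
- '88.##.61.201':9001
- 'localhost':62085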