Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Host Process for Windows Services' = 'C:\285982040726622\csrss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Host Process for Windows Services' = 'C:\285982040726622\csrss.exe'
- %TEMP%\79c1.exe
- C:\285982040726622\csrss.exe
- C:\285982040726622\csrss.exe
- '18#.#15.113.93':80
- 'ap#.##pmania.com':80
- DNS ASK ap#.##pmania.com
- ClassName: '5he7g8fue8uf8ef8u8euf8' WindowName: ''
- '%TEMP%\79c1.exe'
- 'C:\285982040726622\csrss.exe'