Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\cscc4.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{2K3MH573-5C24-2880-765Q-48J44P7EY7I5}] 'StubPath' = '%WINDIR%\cscc4.exe -ac'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nvcpl' = '%WINDIR%\cscc4.exe'
- Средство контроля пользовательских учетных записей (UAC)
- %WINDIR%\cscc4.exe "ersciuefambn" yfupqwfn
- <SYSTEM32>\sc.exe delete --
- <SYSTEM32>\net1.exe start --
- <SYSTEM32>\sc.exe create -- binPath= "cmd /c start \"\" \"%WINDIR%\cscc4.exe\" \"ersciuefambn\" " type= own type= interact
- %WINDIR%\cscc4.exe
- 'pi.###e-xboxes.info':3460
- DNS ASK pi.###e-xboxes.info