It will modify the Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tsc.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "csc.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Cyber Security
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\wow64main.exe

The threat will drop the following malicious files:
- %Program Files%\CS\tsc.exe
- %Program Files%\CS\system.dat
- csc.exe
- winsource.dll
- Help.lnk
- Registration.lnk
- Cyber Security.lnk