Technical Information
- [HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'svccc.exe' = '%WINDIR%\svccc.exe'
- %WINDIR%\svccc.exe
- '%WINDIR%\svccc.exe'
- '%WINDIR%\syswow64\shutdown.exe' -s -t 1' (with hidden window)
- '%WINDIR%\syswow64\shutdown.exe' -s -t 1