Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\CmdSYSTEM] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\CmdSYSTEM] 'ImagePath' = 'cmd /c start <SYSTEM32>\Microsoft\winlogon.exe <SYSTEM32>\mswmdm.vbe 1'
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\mswmdm.vbe"
- '<SYSTEM32>\cmd.exe' /c start <SYSTEM32>\Microsoft\winlogon.exe <SYSTEM32>\mswmdm.vbe 1
- '<SYSTEM32>\net1.exe' start CmdSYSTEM
- '<SYSTEM32>\sc.exe' config CmdSYSTEM start= auto
- '<SYSTEM32>\svchosl.exe'
- '<SYSTEM32>\Microsoft\winlogon.exe' <SYSTEM32>\mswmdm.vbe 1
- '<SYSTEM32>\sc.exe' create CmdSYSTEM type= own type= interact binPath= "cmd /c start <SYSTEM32>\Microsoft\winlogon.exe <SYSTEM32>\mswmdm.vbe 1"
- '<SYSTEM32>\cmd.exe' /c sc create CmdSYSTEM type= own type= interact binPath= "cmd /c start <SYSTEM32>\Microsoft\winlogon.exe <SYSTEM32>\mswmdm.vbe 1"
- '<SYSTEM32>\regsvr32.exe' /s XHTTP.dll
- '<SYSTEM32>\cmd.exe' /c net start CmdSYSTEM
- '<SYSTEM32>\net.exe' start CmdSYSTEM
- '<SYSTEM32>\cmd.exe' /c sc config CmdSYSTEM start= auto
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\XHTTP.dll
- <SYSTEM32>\Microsoft\winlogon.exe (нештатное расположение: системный winlogon.exe находится непосредственно в <SYSTEM32>)
- <SYSTEM32>\svchosl.exe (имя отличается от системного svchost.exe одной буквой)
- <SYSTEM32>\lps.ini
- <SYSTEM32>\mswmdm.vbe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''