Technical Information
- <SYSTEM32>\tasks\wininit
- <SYSTEM32>\tasks\dwm
- <SYSTEM32>\tasks\csrss
- %TEMP%\mbsetup(1).exe
- %TEMP%\reviewdriversessiondllreviewbrokersvc.vmp.sfx.exe
- %TEMP%\reviewdriversessiondllreviewbrokersvc.vmp.exe
- <SYSTEM32>\secur32\wininit.exe
- <SYSTEM32>\secur32\560854153607923c4c5f107085a7db67be01f252
- <SYSTEM32>\nlsdl\dwm.exe
- <SYSTEM32>\nlsdl\6cb0b6c459d5d3455a3da700e713f2e2529862ff
- <SYSTEM32>\wksprt\csrss.exe
- <SYSTEM32>\wksprt\886983d96e3d3e31032c679b2d4ea91b6c05afef
- C:\documents and settings\dwm.exe
- C:\documents and settings\6cb0b6c459d5d3455a3da700e713f2e2529862ff
- '18#.#09.21.106':80
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\reviewdriversessiondllreviewbrokersvc.vmp.sfx.exe'
- '%TEMP%\reviewdriversessiondllreviewbrokersvc.vmp.exe'
- '<SYSTEM32>\nlsdl\dwm.exe'
- '<SYSTEM32>\nlsdl\dwm.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn "wininit" /sc ONLOGON /tr "'<SYSTEM32>\secur32\wininit.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "dwm" /sc ONLOGON /tr "'<SYSTEM32>\Nlsdl\dwm.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'<SYSTEM32>\wksprt\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "dwm" /sc ONLOGON /tr "'C:\Documents and Settings\dwm.exe'" /rl HIGHEST /f