Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NTService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\NTService] 'ImagePath' = '<SYSTEM32>\LogFiles\smss.exe'
- 'NTService' <SYSTEM32>\LogFiles\smss.exe
- <SYSTEM32>\logfiles\smss.exe
- C:\time.log
- <SYSTEM32>\logfiles\smss.exe
- '<SYSTEM32>\logfiles\smss.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "<SYSTEM32>\LogFiles\smss.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "<SYSTEM32>\LogFiles\smss.exe"