Technical Information
- [<HKLM>\System\CurrentControlSet\Services\VolumeManager] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\VolumeManager] 'ImagePath' = 'cmd.exe /k start <Full path to file>'
- %WINDIR%\syswow64\charmap.exe
- '%WINDIR%\syswow64\cmd.exe' /c sc create ""VolumeManager"" type= own type= interact start= auto error= ignore binpath= "cmd.exe /k start <Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\charmap.exe' "<Full path to file>"
- '%WINDIR%\syswow64\cmd.exe' /c sc create ""VolumeManager"" type= own type= interact start= auto error= ignore binpath= "cmd.exe /k start <Full path to file>"
- '%WINDIR%\syswow64\sc.exe' create ""VolumeManager"" type= own type= interact start= auto error= ignore binpath= "cmd.exe /k start <Full path to file>"