Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arm64reg] 'Startup' = 'arm64reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arm64reg] 'DllName' = 'c:\Settings\arm64.dll'
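- <SYSTEM32>\winlogon.exe (системный процесс; в версиях Windows до Vista библиотеки, зарегистрированные в разделе Winlogon\Notify, загружаются именно в него)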
- %WINDIR%\Temp\2.sys
- %WINDIR%\Temp\arm4413.tmp
- %WINDIR%\Temp\1.dll
- %WINDIR%\Temp\1.tmp
- C:\Settings\arm64.dll
- из %WINDIR%\Temp\1.dll в C:\Settings\arm64.dll