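Техническая информация
Ниже перечислены индикаторы, по-видимому относящиеся к одному образцу: параметры реестра в ветке Winlogon\Notify, которые регистрируют wminotify.dll как пакет уведомлений Winlogon (её функции EventStartup и EventLogon вызываются при событиях Startup и Logon; механизм поддерживается только в Windows до Vista), запускаемая командная строка и связанные с ней файлы. Подзаголовки разделов в списке отсутствуют, поэтому по нему нельзя определить, создаются эти файлы или удаляются.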
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wminotify] 'Logon' = 'EventLogon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wminotify] 'Startup' = 'EventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wminotify] 'DllName' = '<SYSTEM32>\wminotify.dll'
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\temp\temp0.bat" "
- %WINDIR%\Temp\temp0.bat
- <SYSTEM32>\wminotify.dll