Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,%CommonProgramFiles%\System\lsasss.exe'
- '' <DRIVERS>\secdrv.sys
- %WINDIR%\syswow64\drivers\secdrv2.ext
- %WINDIR%\syswow64\vsdertl32.dig
- %CommonProgramFiles%\system\lsasss.exe
- %CommonProgramFiles%\system\server32.exe
- from %WINDIR%\syswow64\drivers\secdrv2.ext to %WINDIR%\syswow64\drivers\secdrv.sys