mitre-attack / car

Cyber Analytics Repository
Apache License 2.0

CAR-2021-11-002-T1547.004 #139

Closed Ptylu closed 2 years ago

Ptylu commented 2 years ago

-Finished- Detection of modification of the registry keys Notify, Userinit and Shell located in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ and HKEY_LOCAL_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. When a user logs on, the registry keys Notify, Userinit and Shell are used to load dedicated Windows components. An attacker may insert a malicious payload after the legitimate value in order to launch it.
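The detection described in the comment above, as an added example that is neither the CAR analytic's own pseudocode nor code from this repository: it runs over a few constructed Sysmon Event ID 13 (RegistryEvent, Value Set) records and flags writes to the Winlogon Userinit, Shell and Notify locations, separating a payload appended after the legitimate value from a wholesale replacement. The default values, the `HKLM\...` / `HKU\<SID>\...` path rendering and the sample events are assumptions; check them against your own baseline before using the logic.

```python
"""Flag Winlogon Userinit/Shell/Notify modifications in Sysmon Event ID 13 records."""
import re
from dataclasses import dataclass

# Default values on a stock Windows install (assumption: adjust to your baseline,
# e.g. hosts with a third-party shell). Compared case-insensitively.
DEFAULTS = {
    "Userinit": "c:\\windows\\system32\\userinit.exe,",
    "Shell": "explorer.exe",
}

# Winlogon key under the machine hive (HKLM) or any user hive (HKU\<SID>) as
# Sysmon renders TargetObject (assumption). Notify is a subkey on older Windows,
# so anything beneath it is matched too.
WINLOGON_RE = re.compile(
    r"^(?:HKLM|HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\"
    r"(?P<name>Userinit|Shell|Notify)(?:\\|$)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    name: str      # Userinit / Shell / Notify
    target: str    # full registry path from TargetObject
    image: str     # process that wrote the value
    details: str   # new value as logged by Sysmon
    verdict: str   # default / appended / replaced / notify-handler


def _entries(value: str) -> list:
    # Userinit and Shell hold comma-separated lists of executables.
    return [e.strip().lower() for e in value.split(",") if e.strip()]


def classify(name: str, details: str) -> str:
    """Compare the new value against the known default for that value name."""
    if name == "Notify":
        return "notify-handler"          # any write under Notify is worth a look
    default = _entries(DEFAULTS[name])
    new = _entries(details)
    if new == default:
        return "default"                 # tolerates a missing trailing comma
    if new[: len(default)] == default:
        return "appended"                # legit entry first, payload after it
    return "replaced"


def analyze(events: list) -> list:
    """Return a Finding for every Event ID 13 that touches a Winlogon location."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:      # RegistryEvent (Value Set) only
            continue
        m = WINLOGON_RE.match(ev.get("TargetObject", ""))
        if not m:
            continue
        name = m.group("name").title()
        findings.append(Finding(name, ev["TargetObject"], ev.get("Image", ""),
                                ev.get("Details", ""), classify(name, ev.get("Details", ""))))
    return findings


def suspicious(events: list) -> list:
    """Findings that deviate from the default value."""
    return [f for f in analyze(events) if f.verdict != "default"]


# Constructed sample records (not real telemetry), shaped like Sysmon Event ID 13.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
     "Details": "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\update.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
     "Details": "explorer.exe"},
    {"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\a.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
     "Details": "C:\\Users\\alice\\AppData\\Local\\Temp\\a.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\rundll32.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\evil\\DLLName",
     "Details": "C:\\Windows\\Temp\\evil.dll"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "Details": "C:\\Program Files\\OneDrive\\OneDrive.exe"},
]

if __name__ == "__main__":
    for f in suspicious(SAMPLE_EVENTS):
        print(f"{f.verdict:15} {f.name:9} {f.image} -> {f.details}")
```

Writes that reproduce the default value (the second record) are reported by `analyze` but dropped by `suspicious`, so noisy software that rewrites `Shell` to `explorer.exe` does not page anyone, while an entry appended after the legitimate `userinit.exe`, a replaced user-hive `Shell`, or any new Notify handler does.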

Ptylu commented 2 years ago

-Completed-