Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls] 'AppSecDll' = '<SYSTEM32>\mshlps.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\kbdsock.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- <SYSTEM32>\mshlps.dll
- <SYSTEM32>\kbdsock.dll
- from <Full path to file> to <SYSTEM32>\info.tmp