This is a bunch of legacy and not so popular anymore Registry locations that could have at some stage in the past support persistence by pointing to various editors associated with ‘viewing source of web pages’, and using Microsoft Office for editing HTML documents:
- HKCUSoftwareMicrosoftSharedHTMLDefault Editor
- HKCUSOFTWAREMicrosoftSharedHTMLOld Default Editor
- HKLMSOFTWAREMicrosoftSharedHTMLOld Default Editor
- HKCUSoftwareMicrosoftInternet ExplorerDefault HTML Editor
- HKCUSoftwareMicrosoftInternet ExplorerDefault MHTML Editor
- HKLMSoftwareMicrosoftInternet ExplorerDefault HTML Editor
- HKLMSoftwareMicrosoftInternet ExplorerDefault MHTML Editor
- HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerDefault HTML Editor
- HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerDefault MHTML Editor
All the entries use the very same shell entries as shown on the below example:
The post Beyond good ol’ Run key, Part 131 appeared first on Malware Devil.
https://malwaredevil.com/2021/02/06/beyond-good-ol-run-key-part-131/?utm_source=rss&utm_medium=rss&utm_campaign=beyond-good-ol-run-key-part-131
No comments:
Post a Comment