On the heels of my last blog post on this topic, I had a couple of thoughts and insights that I wanted to research a bit, and then address. I wanted to take a look at ways that the StartupApproved\Run key might be impacted, so I started by grabbing the contents of that key based on what we saw from the previous post, which are illustrated in figure 1.
 |
| Fig 1: StartupApproved\Run key contents |
Then, I captured the contents of the Run key, illustrated in figure 2.
 |
| Fig 2: Run key c […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Windows Incident Response
Read the original article: Post navigation |