sasqwatch/test.reg

Forked from hasherezade/test.reg

Created July 5, 2017 19:58

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/sasqwatch/516563eb8c5487ea579b6ede95d451ab.js"></script>
Save sasqwatch/516563eb8c5487ea579b6ede95d451ab to your computer and use it in GitHub Desktop.

Download ZIP

Demo: persistence key not visible for sysinternals autoruns (in a default configuration - read more: https://twitter.com/hasherezade/status/849756054145699840)

Raw

	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment