Beyond good ol’ Run key, Part 116

September 20, 2019 in Anti-Forensics, Autostart (Persistence)

This is a bit of an exotic entry, but it belongs to the very little-understood world of Windows Error Reporting.

When applications hang, the Windows Error Reporting framework allows us to attach a debugger, if it is set up in the Registry. The actual key is present in this location:

HKLM\Software\Microsoft\Windows\Windows Error Reporting\Hangs\Debugger = <executable>
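
To audit a host for this entry, the following PowerShell check (an added example, not part of the original post) reads the value at the location above and, if it is set, reports the configured command together with the target file's Authenticode status and SHA-256. The function name `Get-WerHangDebugger`, the output fields and the command-line parsing heuristic are assumptions made for illustration.

```powershell
# Added example: audit the WER hang-debugger value described in the post.
# Function name and output fields are hypothetical, chosen for this example.
function Get-WerHangDebugger {
    [CmdletBinding()]
    param(
        # Key and value name exactly as given in the post.
        [string]$KeyPath   = 'HKLM:\Software\Microsoft\Windows\Windows Error Reporting\Hangs',
        [string]$ValueName = 'Debugger'
    )

    $notSet = [pscustomobject]@{ Configured = $false; KeyPath = $KeyPath }
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $notSet }

    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item -or [string]::IsNullOrWhiteSpace($item.$ValueName)) { return $notSet }

    $command = [Environment]::ExpandEnvironmentVariables([string]$item.$ValueName)

    # Heuristic (assumption): a leading quoted path wins, otherwise the first
    # whitespace-delimited token. Unquoted paths with spaces need manual review.
    if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($command.Trim() -split '\s+', 2)[0] }

    $result = [ordered]@{
        Configured      = $true
        KeyPath         = $KeyPath
        Command         = $command
        Executable      = $exe
        FileExists      = $false
        SignatureStatus = $null
        Signer          = $null
        Sha256          = $null
    }

    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
        $result.FileExists      = $true
        $result.SignatureStatus = [string]$sig.Status
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
        $result.Sha256          = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    }

    [pscustomobject]$result
}

Get-WerHangDebugger | Format-List
```

A result with `Configured = $true` on a machine where nobody deliberately set up a hang debugger is worth investigating, particularly when the target is unsigned or sits in a user-writable directory.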
