I summon the collective #DFIR wisdom of Twitter. User attempts to launch Windows Explorer and another program starts instead. I'm assuming a registry setting, but which one?
15
6
10
Debugger value under Image File Execution Options key? Just brainstorming.
blog.malwarebytes.com/101/20β¦
1
3
Good idea, not the execution mechanism in this case
Oct 16, 2020 Β· 1:39 PM UTC
2