Created
April 1, 2020 15:09
bjhulst created this gist
Apr 1, 2020
@@ -0,0 +1,40 @@ StartUp/Run Keys HKLM\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnceHKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Winlogon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell When Certain file rules: HKCU\exefile\shell\open\command HKCU\comfile\shell\open\command HKCU\batfile\shell\open\command HKCU\htafile\Shell\Open\Command HKCU\piffile\shell\open\commandHKLM\Software\CLASSES\batfile\shell\open\command HKLM\Software\CLASSES\comfile\shell\open\command HKLM\Software\CLASSES\exefile\shell\open\command HKLM\Software\CLASSES\htafile\Shell\Open\Command HKLM\Software\CLASSES\piffile\shell\open\commandHKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options Boot related keys HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute HKLM\System\CurrentControlSet\Services (start value of 0 indicates kernel drivers, which load before kernel initiation) HKLM\System\CurrentControlSet\Services (start value of 2, auto-start and 3, manual start via SCM)
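Review bot: Under "When Certain file rules", the five HKCU entries (HKCU\exefile\shell\open\command through HKCU\piffile\shell\open\command) omit the Software\Classes prefix that their HKLM counterparts carry. Per-user file-association handlers live under HKCU\Software\Classes\<type>\shell\open\command, so as written these paths will not match anything when the list is used for a registry audit or a detection rule; suggest writing them in the same form as the HKLM lines. Two smaller points: the Services lines describe Start values 0, 2 and 3 but skip 1 (system start), and Image File Execution Options is keyed by image name rather than file type, so it would read better under its own heading than under the file rules group.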