The cybercriminals behind Poweliks implemented two clever techniques in their malware. The first was leveraging rundll32.dll to execute JavaScript, and the second was using a method to hide/protect their registry keys. I’ll be focusing on the second method. The technique of hiding/protecting registry keys using a non-ASCII character goes back more than a decade. It’s remarkable in a s
![Registry Dumper – Find and Dump Hidden Registry Keys | Kahu Security](https://cdn-ak-scissors.b.st-hatena.com/image/square/fc8cd5e69a6630fe9b73a593f948cbd71046e009/height=288;version=1;width=512/http%3A%2F%2Fwww.kahusecurity.com%2Fwp-content%2Fuploads%2F2014%2F12%2F806x861x2014-12-06_06.png.pagespeed.ic.YS_5MGAgAG.jpg)