drop software and system hive .reg exports · detect persistence via netsh helper DLLs · Winsock layered service providers · name service providers · filter driver persistence · runs locally