~/Privilege Escalation/Windows/Binaries# cat Regini.exe.md █
Used to manipulate the registry
Paths:
C:\Windows\System32\regini.exe
C:\Windows\SysWOW64\regini.exe
Detection: regini.exe reading from ADS
Alternate data streams
Write registry keys from data inside the Alternate data stream.
regini.exe newfile.txt:hidden.ini