F017 · Inconclusive · validator: blocked
Image File Execution Options debugger on sethc.exe (Persistence/Backdoor)
Sticky-keys / IFEO debugger persistence (sethc.exe)
Analyst narrative
Registry persistence fact shows a Debugger value under Image File Execution Options for sethc.exe, a classic accessibility-backdoor persistence technique. Candidate cand-0102 fact_ids=registry_persistence_fact-0003198.
Claims asserted
path · registry_persistence_fact-0003198
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.