Hi,
When I was inspecting the registry changes made by the current Locky version I noticed that some of the registry keys appeared to be encrypted. After some more digging I identified it as ROT 13. Apparently, this is standard for some keys within UserAssist (HKU\S-1-5-21-314102926-3488232575-4191849433-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist).
Can anyone give me some insight on if this is standard practice in the registry and why it would be encrypted?
Thanks.
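Added example, not part of the original post: a Python sketch that decodes ROT13 UserAssist value names like the ones described above and, going one step beyond the post, reads the counters from the value data. The 72-byte record layout (the commonly documented one for Windows 7 and later) is an assumption, and the sample name and data are constructed.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_name(value_name):
    # ROT13 shifts only A-Z/a-z; digits, braces, backslashes and dots are unchanged,
    # which is why GUIDs and path separators stay recognisable in the raw names.
    return codecs.decode(value_name, "rot_13")


def parse_data(data):
    # Assumed layout (72-byte records): run count at offset 4, focus count at 8,
    # focus time in milliseconds at 12, last-run FILETIME at offset 60.
    if len(data) != 72:
        raise ValueError("expected a 72-byte record, got %d bytes" % len(data))
    run_count, focus_count, focus_ms = struct.unpack_from("<III", data, 4)
    (filetime,) = struct.unpack_from("<Q", data, 60)
    last_run = None
    if filetime:  # zero means no execution time was recorded
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC
        last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"run_count": run_count, "focus_count": focus_count,
            "focus_ms": focus_ms, "last_run": last_run}


def build_sample():
    # Constructed sample: ROT13 of C:\Users\Public\sample.exe plus a synthetic record.
    when = datetime(2016, 3, 1, 12, 0, tzinfo=timezone.utc)
    filetime = int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000
    data = (struct.pack("<IIII", 0, 3, 5, 60000) + bytes(44)
            + struct.pack("<QI", filetime, 0))
    return r"P:\Hfref\Choyvp\fnzcyr.rkr", data


if __name__ == "__main__":
    name, data = build_sample()
    print(decode_name(name))
    print(parse_data(data))
```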