r77-rootkit icon indicating copy to clipboard operation
r77-rootkit copied to clipboard

Published 20 hours ago verified publisher icon bytecode77

registry key HKEY_LOCAL_MACHINE\SOFTWARE\$77config run as administrator ?

Open badboycxcc opened this issue 1 year ago • 1 comments

The configuration is located in HKEY_LOCAL_MACHINE\SOFTWARE$77config and is writable by any process without elevated privileges. The DACL of this key is set to grant full access to any user.?

13:59:08 Failed to create registry key HKEY_LOCAL_MACHINE\SOFTWARE\$77config Try to run as administrator

badboycxcc avatar Oct 16 '24 06:10 badboycxcc

Failed to create - by whom?

This registry key can only be created with administrator privileges, which is done by r77. Then, the DACL is set up properly.

So, you need to actually install r77, not just inject several processes. Then you have this key all set up.

bytecode77 avatar Oct 17 '24 11:10 bytecode77