The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.

Threatpost