You may like what's on today's menu: a neat tutorial explaining how to use a less-known but highly powerful Windows feature called Image File Execution Options (IFEO) to pass programs as debuggers to other executables through registry tweaks, a trivial example, and how the use case applies to the Windows 10 GWX upgrade tool, other considerations, and more. Enjoy. http://www.dedoimedo.com/computers/windows-ifeo-debugger-gwx-more.html Cheers, Mrk
Some malware also make use of the "Image File Execution" feature and most HIPS are monitoring this key.
Yeah, I just wanted to make a comment about this. BTW, AutoRuns is also monitoring this key. http://www.howtogeek.com/school/sysinternals-pro/lesson6/all/