Image File Execution Options

#this is under the piggybacking and hijacks sections. not sure which one makes more sense.
https://blog.malwarebytes.com/101/2015/12/an-introduction-to-image-file-execution-options/
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=win32%2ffakepav
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~AutoRun-BZ/detailed-analysis.aspx
$data += [PSObject] @{Path='HKLM:\Software\Microsoft\Windows NT\CurrentVersion'; Entries='Image File Execution Options'}
$data += [PSObject] @{Path='HKLM:\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\'; Entries='Image File Execution Options'}
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/; Entries='Debugger'