How does the Image File Execution Options technique redirect executable programs in Windows?
The Image File Execution Options technique modifies a registry key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options` to redirect a target executable (e.g., `notepad.exe`) to a different program (e.g., `calc.exe`) by adding a `Debugger` string value. For example, starting `notepad.exe` would then execute `calc.exe`. As noted in "Analysis of Windows Backdoor Exploitation Methods in CIA Vault7 RDB", antivirus software typically intercepts such registry modifications.
Image File Execution Options, IFEO, registry hijacking, Debugger, persistence, Windows backdoor