Resources

| Name | RVA | Size | Type | Language |
| --- | --- | --- | --- | --- |
| RT_ICON | 0x173c4 | 0x25a8 | data | Neutral |
| RT_ICON | 0x16318 | 0x10a8 | data | Neutral |
| RT_ICON | 0x1598c | 0x988 | data | Neutral |
| RT_ICON | 0x15520 | 0x468 | GLS_BINARY_LSB_FIRST | Neutral |
| RT_ICON | 0x14c74 | 0x8a8 | data | Neutral |
| RT_ICON | 0x14988 | 0x2e8 | data | Neutral |
| RT_ICON | 0x1441c | 0x568 | GLS_BINARY_LSB_FIRST | Neutral |
| RT_ICON | 0x142f0 | 0x128 | GLS_BINARY_LSB_FIRST | Neutral |

The Type column is libmagic's guess at the resource bytes. `GLS_BINARY_LSB_FIRST` is a known libmagic false match on DIB-format icons: a 40-byte BITMAPINFOHEADER begins with the little-endian dword 0x28, which is what that signature keys on. It does not indicate SGI GL data; the three entries are ordinary icon bitmaps.

File activity

"Counter-StrikeSource.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\.1.ver0x000000000000001d.db"
"Counter-StrikeSource.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\cversions.1.db"
"Counter-StrikeSource.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"Counter-StrikeSource.exe" touched file "C:\Windows\AppPatch\sysmain.sdb"
"Counter-StrikeSource.exe" touched file "C:\Windows\Globalization\Sorting\s"
"Counter-StrikeSource.exe" touched file "C:\Windows\System32\en-US\"

Registry activity

Reads terminal service related keys (often RDP related). Remote desktop is a common feature in operating systems.
Reads the registry for installed applications.
Monitors a specific registry key for changes.

Technique descriptions

Software packing is a method of compressing or encrypting an executable.
Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in [...] and [...].
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how.
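A sanity check a practitioner would run on the resource table above, as an added example in Python that is not part of the sandbox report and not code from the sample: the byte length of a DIB icon is fully determined by its width, height and colour depth (40-byte header, optional palette, DWORD-aligned XOR image, 1-bpp AND mask), so every reported RT_ICON size can be tested against the standard icon geometries. A size that matches no geometry, or a blob that is longer than its header implies, is the classic place to stash a payload. The `STANDARD_DIMS` and `STANDARD_DEPTHS` tables are my assumption of what "standard" means, and the blobs built by `dib_header` are constructed test data, not bytes from Counter-StrikeSource.exe.

```python
import struct

# Added example (not part of the sandbox report or of Counter-StrikeSource.exe):
# sanity-check RT_ICON resource sizes against the geometry of a standard DIB icon.
# A DIB icon is a 40-byte BITMAPINFOHEADER, an optional palette, the XOR image
# and a 1-bpp AND mask; its size is fully determined by width, height and depth.

BI_SIZE = 40                      # sizeof(BITMAPINFOHEADER)
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # Vista+ icons may be stored as PNG instead

def dib_icon_size(width, height, bitcount):
    """Exact byte length of a well-formed DIB icon image with these dimensions."""
    palette = (1 << bitcount) * 4 if bitcount <= 8 else 0
    xor_stride = ((width * bitcount + 31) // 32) * 4   # rows are DWORD-aligned
    and_stride = ((width + 31) // 32) * 4              # mask is 1 bpp
    return BI_SIZE + palette + (xor_stride + and_stride) * height

# Assumed set of "standard" square icon geometries (my choice, not from the report).
STANDARD_DIMS = (16, 24, 32, 48, 64, 128, 256)
STANDARD_DEPTHS = (1, 4, 8, 24, 32)

def geometries_for_size(size):
    """All standard square icon geometries whose DIB encoding is exactly `size` bytes."""
    return [(w, w, b) for w in STANDARD_DIMS for b in STANDARD_DEPTHS
            if dib_icon_size(w, w, b) == size]

def audit_resource_sizes(sizes):
    """Map each reported RT_ICON size to its matching geometries; an empty list
    means the blob is not a standard DIB icon and deserves a manual look."""
    return {s: geometries_for_size(s) for s in sizes}

# The eight RT_ICON sizes from the resource table in the report.
REPORT_SIZES = [0x25a8, 0x10a8, 0x988, 0x468, 0x8a8, 0x2e8, 0x568, 0x128]

def dib_header(width, height, bitcount):
    """Constructed BITMAPINFOHEADER as an icon stores it (biHeight doubled, because
    the XOR image and the AND mask share one header). Test data only."""
    return struct.pack("<IiiHHIIiiII", BI_SIZE, width, height * 2, 1, bitcount,
                       0, 0, 0, 0, 0, 0)

def classify_icon_blob(blob):
    """Classify a raw RT_ICON blob when the bytes are available: 'png', 'dib',
    'dib+trailing' (bytes after the image, where a payload can hide),
    'truncated' or 'unknown'."""
    if blob.startswith(PNG_MAGIC):
        return "png"
    if len(blob) < BI_SIZE or struct.unpack_from("<I", blob)[0] != BI_SIZE:
        return "unknown"
    width, height2, _planes, bitcount = struct.unpack_from("<iiHH", blob, 4)
    expected = dib_icon_size(width, height2 // 2, bitcount)
    if len(blob) == expected:
        return "dib"
    return "dib+trailing" if len(blob) > expected else "truncated"

if __name__ == "__main__":
    for size, geoms in audit_resource_sizes(REPORT_SIZES).items():
        print(f"0x{size:x}: {geoms or 'NO STANDARD ICON MATCH'}")
    # Constructed blob: a 16x16x32 icon with 64 junk bytes appended after the mask.
    suspicious = dib_header(16, 16, 32) + b"\0" * (0x468 - BI_SIZE) + b"\x90" * 64
    print(classify_icon_blob(suspicious))   # dib+trailing
```

Run against the report's numbers, every one of the eight sizes maps to exactly one standard geometry (0x25a8 is 48x48x32, 0x10a8 is 32x32x32, 0x988 is 24x24x32, 0x468 is 16x16x32, 0x8a8 is 32x32x8, 0x2e8 is 32x32x4, 0x568 is 16x16x8, 0x128 is 16x16x4), so the icon resources carry no spare bytes. That only clears the icons, not the sample; the other indicators below still stand.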
Process injection is a method of executing arbitrary code in the address space of a separate live process.
Allocates virtual memory in a remote process.
Opens the Kernel Security Device Driver (KsecDD) of Windows.
Loadable Kernel Modules (LKMs) are pieces of code that can be loaded into and unloaded from the kernel on demand.
Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.
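How behaviour signatures like "Allocates virtual memory in a remote process", "Reads terminal service related keys" and "Opens the Kernel Security Device Driver (KsecDD)" are derived from an API trace, as an added example in Python that is not part of the sandbox report and not the sandbox's own engine. The trace lines and their `pid=... Api(args) -> ret` format are constructed for this example; the correlation that matters is that a remote allocation, a remote write and a remote thread on the same process handle together make the injection signature, while a local `VirtualAlloc` or a `VirtualAllocEx` on the current-process pseudo-handle does not.

```python
import re
from collections import defaultdict

# Added example, not part of the sandbox report: derive behaviour signatures from
# a sandbox-style API trace. The trace below and its line format are constructed
# for this example; real sandboxes log different fields, the correlation is the same.

TRACE = r"""
pid=4120 OpenProcess(dwDesiredAccess=0x1fffff, dwProcessId=2804) -> 0x1a4
pid=4120 VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flProtect=0x40) -> 0x5a0000
pid=4120 VirtualAllocEx(hProcess=0x1a4, dwSize=0x1000, flProtect=0x40) -> 0x7ff6c0000
pid=4120 WriteProcessMemory(hProcess=0x1a4, lpBaseAddress=0x7ff6c0000, nSize=0x2f0) -> 1
pid=4120 CreateRemoteThread(hProcess=0x1a4, lpStartAddress=0x7ff6c0000) -> 0x1b0
pid=4120 RegOpenKeyExW(hKey=HKLM, lpSubKey="SYSTEM\CurrentControlSet\Control\Terminal Server") -> 0
pid=4120 RegOpenKeyExW(hKey=HKLM, lpSubKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") -> 0
pid=4120 RegNotifyChangeKeyValue(hKey=0x2c8, bWatchSubtree=1) -> 0
pid=4120 CreateFileW(lpFileName="\\.\KsecDD", dwDesiredAccess=0x80000000) -> 0x2d0
"""

LINE_RE = re.compile(r"^pid=(\d+) (\w+)\((.*)\) -> (\S+)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,)]+)')
PSEUDO_SELF = {"-1", "0xffffffff", "0xffffffffffffffff"}  # GetCurrentProcess()

def parse_trace(text):
    """Yield (caller_pid, api, args_dict, return_value) for each parsable line."""
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, api, raw_args, ret = m.groups()
        args = {k: v.strip('"') for k, v in ARG_RE.findall(raw_args)}
        yield int(pid), api, args, ret

def derive_signatures(text):
    """Return the set of behaviour signatures triggered by the trace."""
    sigs = set()
    handle_target = {}                   # (caller pid, handle) -> target pid
    injection_state = defaultdict(set)   # (caller pid, handle) -> {"alloc", "write"}

    def is_remote(pid, handle):
        # Only the current-process pseudo-handle is definitely local; a handle to
        # another pid, or one we never saw opened, is treated as remote.
        if handle in PSEUDO_SELF:
            return False
        return handle_target.get((pid, handle), -1) != pid

    for pid, api, args, ret in parse_trace(text):
        if api == "OpenProcess" and ret != "0":
            handle_target[(pid, ret)] = int(args["dwProcessId"])
        elif api == "VirtualAllocEx" and is_remote(pid, args["hProcess"]):
            sigs.add("Allocates virtual memory in a remote process")
            injection_state[(pid, args["hProcess"])].add("alloc")
        elif api == "WriteProcessMemory" and is_remote(pid, args["hProcess"]):
            injection_state[(pid, args["hProcess"])].add("write")
        elif api == "CreateRemoteThread" and is_remote(pid, args["hProcess"]):
            if injection_state[(pid, args["hProcess"])] >= {"alloc", "write"}:
                sigs.add("Process injection (remote alloc, write and thread on one target)")
        elif api.startswith("RegOpenKeyEx"):
            key = args.get("lpSubKey", "")
            if "Terminal Server" in key:
                sigs.add("Reads terminal service related keys")
            if key.rstrip("\\").endswith("\\Uninstall"):
                sigs.add("Reads the registry for installed applications")
        elif api == "RegNotifyChangeKeyValue":
            sigs.add("Monitors specific registry key for changes")
        elif api.startswith("CreateFile") and args.get("lpFileName", "").lower().endswith("ksecdd"):
            sigs.add("Opens the Kernel Security Device Driver (KsecDD)")
    return sigs

if __name__ == "__main__":
    for sig in sorted(derive_signatures(TRACE)):
        print(sig)
```

The stateful part is what separates a real injection verdict from noise: plenty of legitimate software calls `VirtualAllocEx` or `WriteProcessMemory` on another process (debuggers, crash reporters, some installers), so the signature worth acting on is the full alloc, write and thread chain on one target handle, which the loop only emits once all three have been seen.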