".exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1 Subtree: 6515968)
".exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1 Subtree: 6515968)
".exe" monitors "\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RASAPI32" (Filter: 14 Subtree: 6624000)
".exe" monitors "\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RASAPI32" (Filter: 14 Subtree: 720128)
Monitors specific registry key for changes
Reads information about supported languages
Modifies file/console tracing settings (often used to hide footprints on system)
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Opens the Kernel Security Device Driver (KsecDD) of Windows
Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in ] and ].
Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.
Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.