gaqamber.blogg.se

Pestudio exe




"pestudio.exe" (Access type: "QUERYVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "DISABLECACHINGOFSSLPAGES") "pestudio.exe" (Access type: "QUERYVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "BYPASSHTTPNOCACHECHECK") "pestudio.exe" (Access type: "QUERYVAL" Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "BYPASSHTTPNOCACHECHECK") "pestudio.exe" (Access type: "QUERYVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "BYPASSSSLNOCACHECHECK") "pestudio.exe" (Access type: "QUERYVAL" Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "BYPASSSSLNOCACHECHECK") Monitors specific registry key for changes Queries the internet cache settings (often used to hide footprints in index.dat or internet cache) Reads information about supported languagesĬhecks warning level of secure to non-secure traffic redirection Installs hooks/patches the running processĪn adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.Ĭontains ability to read software policiesĪdversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.Īdversaries may perform software packing or virtual machine software protection to conceal their code.Īdversaries may hook into Windows application programming interface (API) functions to collect user credentials.





