1
0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-tech_ref_and_memo.md

This commit is contained in:
mether049 2020-02-17 02:16:16 +09:00 committed by GitHub
parent 545abcafcd
commit ffa081c03b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -308,18 +308,20 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
- 利用されるWin32API - 利用されるWin32API
- RegSetValue - RegSetValue
- 利用されるレジストリ - 利用されるレジストリ
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run ```
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce - HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce - HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices - HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce - HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce - HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run - HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
```
# Shell Backdoor # Shell Backdoor
- Web Shell等 - Web Shell等