mirror of
https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update malware-tech_ref_and_memo.md
This commit is contained in:
parent
545abcafcd
commit
ffa081c03b
@ -308,18 +308,20 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
|
||||
- 利用されるWin32API
|
||||
- RegSetValue
|
||||
- 利用されるレジストリ
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
|
||||
```
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
|
||||
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
|
||||
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
|
||||
```
|
||||
|
||||
# Shell Backdoor
|
||||
- Web Shell等
|
||||
|
Loading…
Reference in New Issue
Block a user