Beyond good ol’ Run key, Part 131
February 6, 2021 in Anti-Forensics, Autostar 2021-02-07 06:44:08 Author: www.hexacorn.com(查看原文) 阅读量:251 收藏
February 6, 2021 in Anti-Forensics, Autostar 2021-02-07 06:44:08 Author: www.hexacorn.com(查看原文) 阅读量:251 收藏
February 6, 2021 in Anti-Forensics, Autostart (Persistence)
This is a bunch of legacy and not so popular anymore Registry locations that could have at some stage in the past support persistence by pointing to various editors associated with ‘viewing source of web pages’, and using Microsoft Office for editing HTML documents:
- HKCU\Software\Microsoft\Shared\HTML\Default Editor
- HKCU\SOFTWARE\Microsoft\Shared\HTML\Old Default Editor
- HKLM\SOFTWARE\Microsoft\Shared\HTML\Old Default Editor
- HKCU\Software\Microsoft\Internet Explorer\Default HTML Editor
- HKCU\Software\Microsoft\Internet Explorer\Default MHTML Editor
- HKLM\Software\Microsoft\Internet Explorer\Default HTML Editor
- HKLM\Software\Microsoft\Internet Explorer\Default MHTML Editor
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
All the entries use the very same shell entries as shown on the below example:
文章来源: https://www.hexacorn.com/blog/2021/02/06/beyond-good-ol-run-key-part-131/
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh